On 18.09.2006 15:20, jantje wrote:
> But, I don't want users to go back after a "logout".. because there is
> still private information visible..
> So, besides invalidating the continuations.. is it possible to avoid people
> using the "go back" button?
This is nothing anybody could ever expect being handled by a server side
framework as the framework has no influence on the browser itself. So
also continuations won't allow you to handle this.
But there are some things you can do to work around the limitation:
1. The most ugly one is to delete the browser's history using JavaScript.
As this is not possible directly you have to do some ugly hacks. Besides
this it patronizes the users and is bad from a usability point of view.
2. You can provide the user a window without a navigation bar. This
solution won't work for "qualified" users as they might be able to get
the nav bar back with shortcuts. Furthermore I'd still feel patronized
and the same summary applies as for option 1. If you want to control
exactly what the user is allowed to do, you just must not develop a webapp.
3. The best solution to secure your webapp is to provide private data
only after a post request. On going backwards to such a page the user
will get presented a dialog asking for resending the form (due to post
request) - which won't work as he is no longer authenticated. I only
don't know if all old browsers behave that way as well or if it is
possible to retrieve the form result (maybe also in offline mode).
Regards,
Jörg
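
Option 3 from the reply, sketched as a framework-independent request handler (an added example, not code from the original message or from any particular framework). The route names, the in-memory session store and the sample credentials are assumptions made for illustration, and the `Cache-Control: no-store` header is an addition the message does not mention, aimed at the cached-copy question it leaves open.

```python
import hmac
import secrets

SESSIONS = {}                        # session id -> user name (server-side state)
USERS = {"alice": "correct horse"}   # constructed sample credentials, demo only

def handle(method, path, sid=None, form=None):
    """Process one request; sid is the session cookie value.

    Returns (status, headers, body).
    """
    form = form or {}
    if path == "/login" and method == "POST":
        name, pw = form.get("user"), form.get("password") or ""
        if name not in USERS or not hmac.compare_digest(
                USERS[name].encode(), pw.encode()):
            return 401, {}, "bad credentials"
        new_sid = secrets.token_urlsafe(32)
        SESSIONS[new_sid] = name
        return 303, {"Location": "/",
                     "Set-Cookie": f"sid={new_sid}; HttpOnly"}, ""
    if path == "/logout" and method == "POST":
        # Invalidate on the server; clearing only the cookie is not enough.
        SESSIONS.pop(sid, None)
        return 303, {"Location": "/login"}, ""
    if path == "/account":
        if method != "POST":
            # Private data is never served on GET, so going back in the
            # history cannot silently refetch it.
            return 405, {"Allow": "POST"}, ""
        user = SESSIONS.get(sid)
        if user is None:
            # A form resubmitted after logout lands here: no session, no data.
            return 303, {"Location": "/login"}, ""
        # Ask the browser not to keep a copy of the response.
        return 200, {"Cache-Control": "no-store"}, f"private data for {user}"
    return 404, {}, ""
```
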