Hi,

Never had this requirement, but you can hook in a JavaScript function
after hitting the back button and delete the state which is saved on
the client.

E.g. the Dojo toolkit has a nice mechanism to pointcut in between.

But it is just a quick thought, don't know if it would work correctly :)

cheers,

Gerald

On 9/24/06, fischman_98 <[EMAIL PROTECTED]> wrote:

I am using STATE_SAVING_METHOD set to client.  I have a session scoped bean
that performs login/logout methods and has two properties with public
getter/setters, username & password.

The problem:
1. A user logs in successfully, does some work, logs out.
2. The session is invalidated when the user logs out.
3. Hit the browser back button until the user gets to the login page again,
hit refresh, the user is logged in again without re-entering login
information.

Is this due to the session state being saved on the client within the view?

More importantly, is there any way to keep the successful login from
happening with state_saving_method=client?

Thanks.


--
View this message in context: 
http://www.nabble.com/STATE_SAVING_METHOD-client-security-tf2327841.html#a6476069
Sent from the MyFaces - Users mailing list archive at Nabble.com.




--
http://www.irian.at

Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces
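
One way to stop the replay described in the question, as an added example that is not part of the original thread and not MyFaces code. It assumes the re-login happens because the browser re-sends the original login POST, which client-side state saving lets the server process without the old session. `LoginReplayGuard`, its methods and the token lifetime are hypothetical; the login action would call `consume` on a hidden-field token before checking credentials.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: one-time tokens for the login form, kept on the server
// so that client-saved view state alone cannot replay a login.
public class LoginReplayGuard {
    private static final long TTL_MILLIS = 5 * 60 * 1000; // token lifetime (assumed value)
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Long> issued = new ConcurrentHashMap<>(); // token -> expiry

    // Call when rendering the login page; put the result in a hidden form field.
    public String issue(long now) {
        issued.values().removeIf(expiry -> expiry < now); // drop tokens nobody used
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(token, now + TTL_MILLIS);
        return token;
    }

    // Call at the start of the login action, before checking the password.
    // remove() is atomic, so each token is accepted at most once.
    public boolean consume(String token, long now) {
        if (token == null) return false;
        Long expiry = issued.remove(token);
        return expiry != null && now <= expiry;
    }

    // Constructed walk-through of the scenario in the thread.
    public static void main(String[] args) {
        LoginReplayGuard guard = new LoginReplayGuard();
        long t0 = System.currentTimeMillis();
        String token = guard.issue(t0); // login page rendered
        System.out.println("first POST accepted: " + guard.consume(token, t0 + 1_000));
        // User logs out, presses back, hits refresh: the browser re-sends the same POST.
        System.out.println("replayed POST accepted: " + guard.consume(token, t0 + 60_000));
        // A token that was never used but is too old is rejected as well.
        String stale = guard.issue(t0);
        System.out.println("stale POST accepted: " + guard.consume(stale, t0 + TTL_MILLIS + 1));
    }
}
```

The guard has to live outside the client-saved view state, for example as an application-scoped object, because anything stored in the page itself is replayed along with the form.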
