No, wouldn't work, I suppose.

With JavaScript functions, you can only edit the DOM-content - but not
the existing HTML-page in the browser cache. So the state will still
remain there.

You need to provide a token in the client-side saved state - much like
the session-id in server-side state saving. Then you'll need to
disable this token by some means - you can do that session based (e.g.
have a list of active tokens per IP-address? use the server-side
session-id directly?)

If a state with the old token comes in, you provide a phase-listener
which disallows entry with this old token and forwards to some new
login-page.

regards,

Martin

On 9/24/06, Gerald Müllan <[EMAIL PROTECTED]> wrote:
Hi,

never had this requirement, but you can hang in a JavaScript function
after hitting the back button and delete the state which is saved on
the client.

E.g. the Dojo Toolkit has a nice mechanism to pointcut in between.

But it is just a quick thought, don't know if it would work correctly :)

cheers,

Gerald

On 9/24/06, fischman_98 <[EMAIL PROTECTED]> wrote:
>
> I am using STATE_SAVING_METHOD set to client.  I have a session scoped bean
> that performs login/logout methods and has two properties with public
> getter/setters, username & password.
>
> The problem:
> 1. A user logs in successfully, does some work, logs out.
> 2. The session is invalidated when the user logs out.
> 3. Hit the browser back button until the user gets to the login page again,
> hit refresh, the user is logged in again without re-entering login
> information.
>
> Is this due to the session state being saved on the client within the view?
>
> More importantly, is there any way to keep the successful login from
> happening with state_saving_method=client?
>
> Thanks.
>
>
> --
> View this message in context: http://www.nabble.com/STATE_SAVING_METHOD-client-security-tf2327841.html#a6476069
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
>


--
http://www.irian.at

Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces
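
The token-plus-phase-listener approach suggested at the top of this thread, as an added example (not code from the thread or from MyFaces). It assumes a servlet container, that every form submits the session attribute as a hidden request parameter, and that the names `stateToken` and `/login.jsf` are hypothetical:

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.faces.FacesException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class StateTokenListener implements PhaseListener {
    private static final String TOKEN = "stateToken";      // hypothetical parameter/attribute name
    private static final String LOGIN_VIEW = "/login.jsf"; // hypothetical login page path
    private static final SecureRandom RANDOM = new SecureRandom();

    public PhaseId getPhaseId() { return PhaseId.RESTORE_VIEW; }

    // Reject a postback before its client-saved state is restored.
    public void beforePhase(PhaseEvent event) {
        ExternalContext ec = event.getFacesContext().getExternalContext();
        HttpServletRequest req = (HttpServletRequest) ec.getRequest();
        if (!"POST".equals(req.getMethod())) return;  // initial GETs carry no saved state
        HttpSession session = req.getSession(false);  // null once logout invalidated it
        String expected = session == null ? null : (String) session.getAttribute(TOKEN);
        String sent = req.getParameter(TOKEN);
        if (expected == null || sent == null
                || !MessageDigest.isEqual(expected.getBytes(), sent.getBytes())) {
            try {
                ec.redirect(req.getContextPath() + LOGIN_VIEW); // fresh GET, replayed form dropped
            } catch (IOException e) {
                throw new FacesException(e);
            }
            event.getFacesContext().responseComplete();
        }
    }

    // Bind a random token to the session the first time a view is served from it.
    public void afterPhase(PhaseEvent event) {
        FacesContext fc = event.getFacesContext();
        if (fc.getResponseComplete()) return;         // already redirected in beforePhase
        HttpSession session = (HttpSession) fc.getExternalContext().getSession(true);
        if (session.getAttribute(TOKEN) == null) {
            session.setAttribute(TOKEN, new BigInteger(130, RANDOM).toString(32));
        }
    }
}
```

The listener is registered with a `<phase-listener>` entry under `<lifecycle>` in `faces-config.xml`; a page cached before logout then posts a token whose session no longer exists and lands on the login page instead of being restored.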


