Very informative Vangel. Thanks.

On Wed, Oct 19, 2011 at 6:04 PM, Steve Eynon <steve.ey...@alienfactory.co.uk> wrote:

> Vangel,
>
> That's a good articulated answer - I like it!
>
> It's always a popular topic with management so I'll be sure to bookmark this comment for future use. Cheers!
>
> Steve.
>
>
> On 19 October 2011 18:06, Vangel V. Ajanovski <a...@ii.edu.mk> wrote:
> > On 18.10.2011 16:30, Olga wrote:
> >>
> >> I have noticed that with the browser Back button we can see all page history, but you can be logged out or logged in with another username.
> >>
> > Correct behaviour of browser is to not contact server at all when clicking Back button, so the content should be reproduced completely from cache. So, you will not see a request on the server side, nor event. Of course user/browser could be changed not to have cache, but this is in control of the user or her administrator.
> >
> > So, even if you follow the advice to put meta tags and response variables so that caching is disabled (or maybe to last 0 seconds) the user/browser may choose to ignore these "hints" and *still* store the pages into cache and *still* allow the user to press Back button and view the history.
> >
> > This is not a bug, it is inherent behaviour of web itself - its philosophy.
> >
> > Whatever you do, it will work for ~90% of users and it will work only if they use a controlled environment - company lan, company desktops, laptops, maybe home environment. Everyone that works with your website from let's say an internet cafe or kiosk, the computers there and the firewall and caching proxy may be set up in such a way to *always* cache pages no matter what and to always respond with "old" content when the user asks.
> >
> > I am not saying that you should not try, but that you should be aware of this, and that the best solution for the other 10% is to educate everyone that critical apps should not be used in public places where you cannot trust the local admins. You should educate users that in order to be safe as much as possible they should *delete browser cache and history and close all browser windows* after logging out and especially before leaving the computer (if it's a public computer). If your personal computer has a chance to be used by someone else, you should not keep passwords, you should regularly delete cache and session data.
> >
> > Also, always have in mind that the user can press the Back button at any time, even while inside the application, and possibly ruin internal transaction processes. So you have to check in your application for this.

--
*Regards,*
*Muhammad Gelbana*
*Java Developer*
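
The two server-side measures discussed in the quoted reply, as an added example that is not part of the original thread and not Tapestry's own code: response headers that ask caches not to store a page (which, as the reply says, a browser or proxy may ignore), and a single-use form token so a submission replayed via the Back button is rejected. The class name `BackButtonGuard`, its methods and the session id are hypothetical, and plain JDK classes stand in for the web framework.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class BackButtonGuard {
    private static final SecureRandom RNG = new SecureRandom();
    // Tokens handed out with a rendered form and not yet consumed, keyed by session id.
    private final Map<String, Set<String>> pending = new ConcurrentHashMap<>();

    // Headers to set on every authenticated response. They are requests to
    // the cache, not guarantees: a client or proxy can still keep the page.
    public static Map<String, String> noStoreHeaders() {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Cache-Control", "no-store, no-cache, must-revalidate, private");
        headers.put("Pragma", "no-cache"); // for HTTP/1.0 caches
        headers.put("Expires", "0");
        return headers;
    }

    // Call when rendering a form; embed the result in a hidden field.
    public String issueToken(String sessionId) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.computeIfAbsent(sessionId, k -> ConcurrentHashMap.newKeySet()).add(token);
        return token;
    }

    // True only the first time a token issued to this session is submitted.
    // A cached form resubmitted after Back carries an already-used token.
    public boolean consume(String sessionId, String token) {
        Set<String> tokens = pending.get(sessionId);
        return tokens != null && token != null && tokens.remove(token);
    }

    // On logout, drop everything so cached forms from the old session fail.
    public void logout(String sessionId) { pending.remove(sessionId); }

    public static void main(String[] args) {
        BackButtonGuard guard = new BackButtonGuard();
        String sid = "session-A"; // constructed sample session id
        String token = guard.issueToken(sid);
        System.out.println(noStoreHeaders());
        System.out.println("first submit:    " + guard.consume(sid, token));
        System.out.println("Back + resubmit: " + guard.consume(sid, token));
        String stale = guard.issueToken(sid);
        guard.logout(sid);
        System.out.println("after logout:    " + guard.consume(sid, stale));
    }
}
```

The token check runs on the server, so it holds even where the cache headers are ignored; it does not stop a cached page from being displayed, only from being acted on.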