Xavier,

To be clear, I am destroying the session.  I verified that the old session was destroyed and a new session had been created.  I also verified that the browser was really resubmitting the user name and password to the login page.

-tom




On Jul 13, 2006, at 6:19 AM, [EMAIL PROTECTED] wrote:

From: Dev WO <[EMAIL PROTECTED]>
Date: July 13, 2006 5:02:17 AM EDT
To: Cliff Tuel <[EMAIL PROTECTED]>
Cc: webobjects-dev <[email protected]>
Subject: Re: login security issue



I don't mean to be bad;)

but autocomplete isn't part of (X)HTML, so using it will make your page "not valid". Which may not be an issue for you but it prevents you from:

-having a page accessible for people with disabilities (Double-A and Triple-A require a valid page)

It may also be an issue depending on the laws in your area, for example in Europe, all public-related websites have to be Simple-A (so you can "afford" not to be valid) but should target Double-A (which requires a valid page).


All this standard stuff aside, I'm not sure Thomas is having an issue with caching or autocomplete.

I think you're not destroying the session when the user logs out.

Just make sure the session is terminated in your code.


Xavier

