Thanks for all the helpful input.  I am using a combination of the three approaches suggested.  For the record, setting the name of the password field to session.sessionID as suggested was enough to fix the problem.
thanks, tom




On Jul 13, 2006, at 6:19 AM, [EMAIL PROTECTED] wrote:

From: Anjo Krank <[EMAIL PROTECTED]>
Date: July 12, 2006 11:54:54 PM EDT
To: Chuck Hill <[EMAIL PROTECTED]>
Cc: WebObjects List <[email protected]>
Subject: Re: login security issue

On 12.07.2006 at 22:31, Chuck Hill wrote:


If you set the headers to disallow caching it should prevent what Thomas is describing.  However, if the user allowed the browser to save their password, there is nothing you can do.


Sure you can: set the name of the username field to session.sessionID. Then, when you go back and have caching disallowed and the page re-renders, it has a field name the browser hasn't seen before and so it can't fill it out. This is totally annoying for users that *want* their info stored, though ;)


Cheers, Anjo
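
The two measures discussed in this thread (no-cache headers plus per-session field names), sketched as an added example that is not from any of the posts and is framework-neutral Python rather than WebObjects code. The function names, the `/login` action and the choice to derive the field names from the session ID with an HMAC (instead of using the raw ID as the name) are assumptions of this sketch.

```python
import hashlib
import hmac
import html
import secrets

# Response headers asking the browser not to keep a copy of the login page.
NO_CACHE_HEADERS = {
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}

def new_session_id():
    """Hypothetical session ID generator (32 hex characters)."""
    return secrets.token_hex(16)

def field_names(session_id):
    """Derive input names the browser has no saved value for in this session."""
    def derive(label):
        mac = hmac.new(session_id.encode(), label.encode(), hashlib.sha256)
        return "f" + mac.hexdigest()[:16]
    return derive("username"), derive("password")

def render_login(session_id):
    """Return (headers, html) for a login form bound to this session."""
    user_field, pass_field = field_names(session_id)
    body = (
        '<form method="post" action="/login">'
        f'<input type="text" name="{html.escape(user_field)}">'
        f'<input type="password" name="{html.escape(pass_field)}">'
        '<input type="submit" value="Log in"></form>'
    )
    return dict(NO_CACHE_HEADERS), body

def read_credentials(session_id, form):
    """Accept credentials only when posted under this session's field names."""
    user_field, pass_field = field_names(session_id)
    if user_field not in form or pass_field not in form:
        return None  # form was rendered for another session (stale page)
    return form[user_field], form[pass_field]

if __name__ == "__main__":
    sid = new_session_id()
    headers, page = render_login(sid)
    print(headers)
    print(page)
```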

