I'm not sure, but how do you set a cookie and have it expire in ten minutes?
-Rob --- Sean Abrahams <[EMAIL PROTECTED]> wrote: > I have a small series of web pages that talks to a > database and uses > forms to input/alter data. > > In order to get to these web pages a user has to > authenticate. If > valid, I put a cookie on their machine that expires > in 10 minutes. So > basically, they can use the forms for up to 10 > minutes, from which > time they have to log back into the system. > > My problem is that when the user exists the web > page, they can still > hit the back button and see all the data they > entered. This is a > security issue since someone could basically sit > down at the same > computer and hit back to find out some vital > information, assuming the > original user doesn't exit the browser. > > I'm trying to setup something that prevents the > client from just going > back into the secured area by hitting back. I notice > that on systems > such as Wells Fargo's online banking, once you > logoff, you cannot hit > back to get back to your account. This is exactly > what I'm trying to > do, yet I have been unable to find out how to > accomplish this. > > I already have all the no-cache meta options in my > HTML. What would be > perfect would be if there were a perl/CGI function > that could detect > if the user is going back to the .cgi file via the > back button and > then act how you choose. However, I feel there > should be an even > easier way about this. > > Any ideas? > > > Thank you, > Sean Abrahams > SFSU : Fiscal Affairs Business Systems > [EMAIL PROTECTED] > > > -- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
