On Tue, Apr 06, 2004 at 05:32:25AM -0600, Antonio Gallardo wrote:
> Leszek Gawron dijo:
> > If you use IE (I do not know how other browsers handle this) if you serve a
> > page without client cache turned off you make a security hole (IE caches
> > everything and serves even after user has logged out).
> 
> Very smart browser! ROTFL!
At least if you do not close your browser window. That is a real problem
because even if you log out and log in again, sometimes requesting for example
/myApp/showProjects.do you do not see your server being hit.

> > The code (assume every non internal uri goes to "main" method ):
> > var user = null;
> 
> > function main( action ) {
> >     cocoon.response.setHeader( "Expires", "-1" );
> >     cocoon.response.setHeader( "Cache-Control", "no-cache" );
> >     cocoon.response.setHeader( "Pragma", "no-cache" );
> 
> All these 3 instructions can be set in the HTML style transformer
> instead of doing it in Flow. If not you need to write it over and over.
HTML Transformer sets response headers? I do not think so.
META tags maybe - but IE docs say explicitly that headers are preferred over
meta tags.

> In the code below, you can better use the standard authentication-fw. The
> auth-fw can also work with flow:
I do not use authentication-fw intentionally as I want to have access to a
complete user object (I use hibernate).

This is also a reason I do not use container authentication - it gives me
only username and I would have to fetch the user data every time.
        lg
-- 
            __
         | /  \ |        Leszek Gawron            //  \\
        \_\\  //_/       [EMAIL PROTECTED]           _\\()//_
         .'/()\'.     Phone: +48(501)720812     / //  \\ \
          \\  //  recursive: adj; see recursive  | \__/ |
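
The three headers quoted in the message above, together with a check of what a browser cache may do with a given response, as an added example that is not part of the original thread. The `noStore` option, `classifyCaching` (a simplified reading of the HTTP caching rules in RFC 9111), `recordingResponse` and the sample header sets are assumptions made for illustration.

```javascript
// Added example, not code from the thread. classifyCaching() is a simplified
// reading of the HTTP caching rules (RFC 9111); sample inputs are constructed.

// Mirrors the three setHeader calls quoted in the thread; works with any object
// exposing setHeader(name, value). noStore is an assumed, stricter option.
function applyNoCache(response, noStore) {
  response.setHeader("Expires", "-1");
  response.setHeader("Cache-Control", noStore ? "no-store, no-cache" : "no-cache");
  response.setHeader("Pragma", "no-cache");
}

// Parse "a, b=1" into a Map of lower-cased directive -> value (true if bare).
function parseCacheControl(value) {
  const out = new Map();
  for (const part of String(value || "").split(",")) {
    const eq = part.indexOf("=");
    const name = (eq < 0 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (name) out.set(name, eq < 0 ? true : part.slice(eq + 1).trim().replace(/^"|"$/g, ""));
  }
  return out;
}

// "not-stored": never written to the cache.
// "revalidated": the server is contacted before a stored copy is reused.
// "reusable": the browser may show the page without hitting the server.
function classifyCaching(headers, now = Date.now()) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const cc = parseCacheControl(h["cache-control"]);
  if (cc.has("no-store")) return "not-stored";
  if (cc.has("no-cache")) return "revalidated";
  if (cc.has("max-age")) return Number(cc.get("max-age")) > 0 ? "reusable" : "revalidated";
  if ("expires" in h) {
    // Anything that is not an HTTP-date (such as "-1") counts as already expired.
    const t = /GMT$/.test(h["expires"]) ? Date.parse(h["expires"]) : NaN;
    return Number.isNaN(t) || t <= now ? "revalidated" : "reusable";
  }
  // No explicit freshness: heuristic caching is allowed. Pragma is ignored
  // here because its meaning in responses is not specified.
  return "reusable";
}

// Minimal stand-in for a response object, used to capture the headers set.
function recordingResponse() {
  const headers = {};
  return { headers, setHeader(name, value) { headers[name] = value; } };
}
```

In this model the three headers from the thread classify as "revalidated" (a copy may be stored, but the server is asked before it is shown again), while the `noStore` variant classifies as "not-stored".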
