AW: Problem with user logout (Tapestry-Acegi)
hi jacob, i think that this can be achieved by disabling the caching in the http response. Cache-Control: no-cache so that the browser tries to fetch a fresh version of this page. -Ursprüngliche Nachricht- Von: jake123 [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 15. Februar 2007 22:47 An: users@tapestry.apache.org Betreff: Problem with user logout (Tapestry-Acegi) Hi all, I have a problem when a logged in user are about to logout. If I only empty my user information in session object and using SecurityContextHolder.getContext().setAuthentication(null); to empty the acegi part the user can still come back to the secured page using the browsers back button. I need to make this not possible. Does anybody know how to solve this? Thanks, Jacob -- View this message in context: http://www.nabble.com/Problem-with-user-logout-%28Tapestry-Acegi%29-tf3236292.html#a8994383 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [WARNING] AW: Problem with user logout (Tapestry-Acegi)
Hi Peter,
thanks for your response, I tried to add META HTTP-EQUIV=CACHE-CONTROL
CONTENT=NO-CACHE in the head tag in all my pages that contains a secured
annotation and then tried to logout and hit the back button on my browser
and I still get the same result... I end up in the secured page... so it
seems to not have any effect at all.
My logout function looks like this:
public String onLogOut(IRequestCycle cycle) {
getSessionUserInfo().setUserRoles(null);
getSessionUserInfo().setUserName(null);
getSessionUserInfo().setPassword(null);
/* RESET ACEGI AUTHENTICATION TO NULL */
SecurityContextHolder.clearContext();
return HomeDispatcher.PAGE_NAME;
}
Any other suggestions?
Thanks again,
Jacob
--
View this message in context:
http://www.nabble.com/Problem-with-user-logout-%28Tapestry-Acegi%29-tf3236292.html#a9005154
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
AW: [WARNING] AW: Problem with user logout (Tapestry-Acegi)
hi jake,
i did not mean the html-header but the http-header. i think that you can have a
look at your online-banking application. they are probably doing the same thing.
i remember an older thread in this mailing list about this topic. perhaps you
should aks google ;-)
-Ursprüngliche Nachricht-
Von: jake123 [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 16. Februar 2007 15:26
An: users@tapestry.apache.org
Betreff: Re: [WARNING] AW: Problem with user logout (Tapestry-Acegi)
Hi Peter,
thanks for your response, I tried to add META HTTP-EQUIV=CACHE-CONTROL
CONTENT=NO-CACHE in the head tag in all my pages that contains a secured
annotation and then tried to logout and hit the back button on my browser
and I still get the same result... I end up in the secured page... so it
seems to not have any effect at all.
My logout function looks like this:
public String onLogOut(IRequestCycle cycle) {
getSessionUserInfo().setUserRoles(null);
getSessionUserInfo().setUserName(null);
getSessionUserInfo().setPassword(null);
/* RESET ACEGI AUTHENTICATION TO NULL */
SecurityContextHolder.clearContext();
return HomeDispatcher.PAGE_NAME;
}
Any other suggestions?
Thanks again,
Jacob
--
View this message in context:
http://www.nabble.com/Problem-with-user-logout-%28Tapestry-Acegi%29-tf3236292.html#a9005154
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
