You are probably reposting your username and password to logon.do. Essentially logging on twice.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 14, 2003 9:27 AM
> To: [EMAIL PROTECTED]
> Subject: Problem: Login with Struts; Security Bug?
>
> Hi,
> I'm using Struts 1.0.2 and experienced an unwanted behavior.
> I tested it with the struts-example coming with the binaries and it's the same.
> I'll explain it with the example so you can test it for yourself.
>
> 1. Ok, first you need a registered user. If you haven't registered one, do so.
> 2. Enter http://localhost:8080/struts-example/index.jsp into your browser. (whatever port number)
> 3. Click "Log on to the MailReader Demonstration Application"
> 4. Enter username and password. Click Login.
> 5. Click "Log off MailReader Demonstration Application"
> 6. Click "Back" in your browser
> 7. Click "Edit your user registration profile"
>    -> You are redirected to the login site. OK! You logged off, that's the way it should be.
> 8. Click "Back" in your browser as many times as you need to get back to the main menu.
>    You should be here:
>    "http://localhost:8080/struts-example/logon.do;jsessionid=ssf0t8t181" (whatever sessionid)
> 9. Click Reload in your browser
> 10. Click the link "Edit your user registration profile"
>
> What is this??? You are in again. You can edit your profile! After the
> logout you performed and without logging in again. It's somehow done automatically.
> I don't want that!!!!
> I log out and the next person using my computer can log into my account
> by reloading an old page from the browser cache?
> Is there a way to prevent it?? I have tried several meta-tags in the
> HTML for no-caching but nothing helps.
> Maybe the browser is caching the userid and the password.
> Is the only solution to close the window or to close the whole browser?
>
> Thanks for your help!!
> Greets frazz

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
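The repost described in the reply, as an added example that is not part of the original thread and is not Struts code: a constructed Python model in which the browser's history entry for the main menu is the POST to logon.do, next to the same flow with a redirect after login (Post/Redirect/Get). The `Server` and `Browser` classes, every path other than `logon.do`, and the sample account are assumptions made for illustration.

```python
# Constructed model, not Struts code: one server-side session and a browser
# history that re-sends the stored request on Reload (real browsers usually
# ask for confirmation before re-sending a POST).
USERS = {"frazz": "secret"}          # constructed sample account

class Server:
    def __init__(self, redirect_after_login):
        self.redirect = redirect_after_login
        self.logged_in = False       # single session, for brevity

    def handle(self, method, path, form=None):
        """Return (status, body_or_location)."""
        if path == "/logon.do" and method == "POST":
            if USERS.get(form["username"]) != form["password"]:
                return 200, "logon form"
            self.logged_in = True
            if self.redirect:        # Post/Redirect/Get
                return 302, "/mainMenu"
            return 200, "main menu"  # server-side forward: URL stays /logon.do
        if path == "/logoff.do":
            self.logged_in = False
            return 200, "logged off"
        if path == "/mainMenu":
            return 200, "main menu"
        if path == "/editRegistration.do":
            return 200, "profile" if self.logged_in else "logon form"
        return 404, "not found"

class Browser:
    def __init__(self, server):
        self.server, self.history = server, []

    def request(self, method, path, form=None):
        status, body = self.server.handle(method, path, form)
        if status == 302:            # follow redirect; the POST is not stored
            return self.request("GET", body)
        self.history.append((method, path, form))
        return body

    def reload(self, index):
        """Go Back to a history entry and press Reload: the request is re-sent."""
        method, path, form = self.history[index]
        return self.server.handle(method, path, form)[1]

def profile_reachable_after_logoff(redirect_after_login):
    b = Browser(Server(redirect_after_login))
    b.request("POST", "/logon.do", {"username": "frazz", "password": "secret"})
    b.request("GET", "/logoff.do")
    b.reload(0)                      # Back to the main menu entry, then Reload
    return b.request("GET", "/editRegistration.do") == "profile"
```

With the forward, Reload on the main menu entry re-submits the credentials and the profile is reachable again; with the redirect, the stored entry is a plain GET and the logon form is shown.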