Re: How to prevent URL cached

2005-12-02 Thread info3853 Bush
All pages are JSPs. After added the samilar user check on sessionFilter.java class, now all back action after logout will be directed to login page. In this way, I don't need to add user check on each JSP pages. Thanks for the hint. Michael Jouravlev [EMAIL PROTECTED] wrote: Did

How to prevent URL cached

2005-12-01 Thread info3853 Bush
I noticed that in many web applications, after you logout from the application, you can still use the browser back button to view some pages you supposely shouldn't. Some web applications, like gmail, if you logout, and click the back, it will always redirect the page to the login page.

Re: How to prevent URL cached

2005-12-01 Thread info3853 Bush
That's true. This topic belongs to web application security. The thing is that all static content are shown when you used the back button. Of course, you can't click any link since the session is already invalidated. Normally, you do all access control through the BaseAction class

Re: How to prevent URL cached

2005-12-01 Thread Michael Jouravlev
On 12/1/05, info3853 Bush [EMAIL PROTECTED] wrote: That's true. This topic belongs to web application security. The thing is that all static content are shown when you used the back button. Of course, you can't click any link since the session is already invalidated. Mark page as

Re: How to prevent URL cached

2005-12-01 Thread info3853 Bush
Yes, I did that. Now all pages are blank. What I really wish is that after logout, when user hit back button, the page goes back to login page, never visit all pages visited before even just blank page now. Michael Jouravlev [EMAIL PROTECTED] wrote: On 12/1/05, info3853 Bush wrote: That's

Re: How to prevent URL cached

2005-12-01 Thread Simons Kevin
whether this is possible with struts. - Original Message - From: info3853 Bush [EMAIL PROTECTED] To: Struts Users Mailing List user@struts.apache.org Sent: Thursday, December 01, 2005 8:32 PM Subject: Re: How to prevent URL cached Yes, I did that. Now all pages are blank. What I really

Re: How to prevent URL cached

2005-12-01 Thread Michael Jouravlev
Did you say pages are static (HTML)? Or they are JSPs? Or does request pass through Struts action? If they are not plain HTML, then in your action or in JSP page check if user is logged in. If not, redirect to login page. Here is the simple scriptlet, that you should stick in the beginning of

Re: How to prevent URL cached

2005-12-01 Thread Laurie Harper
Or use container managed security (which, I think, can be used for static as well as dynamic content?)... Like I said, there are a lot of options... ;-) Michael Jouravlev wrote: Did you say pages are static (HTML)? Or they are JSPs? Or does request pass through Struts action? If they are not