All pages are JSPs.
After added the samilar user check on sessionFilter.java class, now all
back action after logout will be directed to login page.
In this way, I don't need to add user check on each JSP pages.
Thanks for the hint.
Michael Jouravlev [EMAIL PROTECTED] wrote: Did
I noticed that in many web applications, after you logout from the
application, you can still use the browser back button to view some pages
you supposely shouldn't. Some web applications, like gmail, if you logout, and
click the back, it will always redirect the page to the login page.
That's true. This topic belongs to web application security.
The thing is that all static content are shown when you used the back
button. Of course, you can't click any link since the session is already
invalidated.
Normally, you do all access control through the BaseAction class
On 12/1/05, info3853 Bush [EMAIL PROTECTED] wrote:
That's true. This topic belongs to web application security.
The thing is that all static content are shown when you used the back
button. Of course, you can't click any link since the session is already
invalidated.
Mark page as
Yes, I did that. Now all pages are blank. What I really wish is that after
logout, when user hit back button, the page goes back to login page, never
visit all pages visited before even just blank page now.
Michael Jouravlev [EMAIL PROTECTED] wrote: On 12/1/05, info3853 Bush wrote:
That's
whether this is possible with struts.
- Original Message -
From: info3853 Bush [EMAIL PROTECTED]
To: Struts Users Mailing List user@struts.apache.org
Sent: Thursday, December 01, 2005 8:32 PM
Subject: Re: How to prevent URL cached
Yes, I did that. Now all pages are blank. What I really
Did you say pages are static (HTML)? Or they are JSPs? Or does request
pass through Struts action? If they are not plain HTML, then in your
action or in JSP page check if user is logged in. If not, redirect to
login page.
Here is the simple scriptlet, that you should stick in the beginning
of
Or use container managed security (which, I think, can be used for
static as well as dynamic content?)... Like I said, there are a lot of
options... ;-)
Michael Jouravlev wrote:
Did you say pages are static (HTML)? Or they are JSPs? Or does request
pass through Struts action? If they are not
8 matches
Mail list logo