Hi Brad, Isn't suggested not to use with Struts direct links to the jsp pages? >><a href="javascript:location.replace('somePageName.jsp')" ></a> I don't recall exactly if this is the code needed to "erase"/change the location but it looks just like simple html link and still I think this doesn't solve my refresh problem I mentioned before
Cezar -----Original Message----- From: Brad Balmer [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 8:07 AM To: Struts Users Mailing List Subject: Re: Whats the security trick for not permiting the browser back button on SignOut? I ran into a similar problem with my login application. What I did was simply replace the page name that is put in the history with a page that I wanted. <a href="javascript:location.replace('somePageName.jsp')" ></a> Cezar Nasui wrote: >Hi Henry, > >The problem I noticed is if you go Back to the first page after login and >make a refresh on that page you will be able to navigate again in your app >as a new session is created 'cause refresh re-post the login data. >Your app does that? Do you know any solution for this one? >I think with some JavaScript you can erase the history of the Back button. I >don;t recall exaclty the code but I'll look for it. What I want to know is >if it's a good method as we know we shouldn't rely on user's settings (ex. >Javascript not enabled). > >Cezar > >-----Original Message----- >From: Henry Voyer [mailto:[EMAIL PROTECTED] >Sent: Wednesday, August 20, 2003 7:30 PM >To: [EMAIL PROTECTED] >Subject: Whats the security trick for not permiting the browser back >button on SignOut? > > >Hi fellow Strutser > >I have implemented securityFilter (http://securityFilter.org) in my struts >app. >But once i log off i can press the browsers back button and go back to the >users content page. >He cant do any action since the securityFilter dont let him but he can still >see the pages he already accessed. i would like to know how to implement >the redirection to signIn page for the browser back button once he SignOut. > >I have seen the examples of the Apache Admin site and the security app >examples but i cant find how they do this. > >So guys whats the trick? > >Regards and thanks for all those who worked on the securityFilter and struts >examples. > >_________________________________________________________________ >Add photos to your e-mail with MSN 8. Get 2 months FREE*. >http://join.msn.com/?page=features/featuredemail > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]