Just an opinion... perhaps you can check whether the user has hit the back button. When he hits the button you might run the code that checks whether a user was logged in or not. If not... load the login page.

I do know that you can use JavaScript to replace the history goback(). I don't know whether this is possible with Struts.

----- Original Message -----
From: "info3853 Bush" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
Sent: Thursday, December 01, 2005 8:32 PM
Subject: Re: How to prevent URL cached


Yes, I did that. Now all pages are blank. What I really wish is that after logout, when the user hits the "back" button, the page goes back to the login page, never visiting any of the pages visited before, even just as a blank page as now.

Michael Jouravlev <[EMAIL PROTECTED]> wrote:
On 12/1/05, info3853 Bush wrote:
That's true. This topic belongs to web application security.

The thing is that all static content is shown when you use the "back" button. Of course, you can't click any link since the session is already invalidated.

Mark the page as non-cacheable with a "no-cache, no-store" Cache-Control
header. You may want to add some other headers too, like
must-revalidate. When you hit Back, the browser would try to reload the
page; here you would show the error.

Michael.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





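The approach from the replies above (no-store headers so that Back forces a reload, plus a server-side login check on that reload), as an added example that is not part of the original thread. It is a servlet filter; the class name, the session attribute `user` and the login path `/login.do` are assumptions.

```java
// Added example, not code from the thread.
// Assumed names: session attribute "user", login path "/login.do".
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class NoCacheAuthFilter implements Filter {
    private static final String LOGIN_PATH = "/login.do"; // assumed login action
    private static final String USER_ATTR = "user";       // assumed, set at login

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Keep the page out of browser and proxy caches, so Back has to
        // request it again instead of redisplaying the stored copy.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache"); // HTTP/1.0 clients
        res.setDateHeader("Expires", 0);     // already expired

        // Path inside the application; the login page itself must stay reachable.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        boolean isLogin = path.equals(LOGIN_PATH) || path.startsWith(LOGIN_PATH + ";");

        // getSession(false): do not create a new session after logout.
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || isLogin) {
            chain.doFilter(req, res);
        } else {
            // Reload after logout lands here: send the login page, not an error.
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PATH));
        }
    }
}
```

Map the filter in `web.xml` to the protected URL patterns only; anything it covers, including static resources, is redirected to the login page when no user is in the session.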