I have a small series of web pages that talks to a database and uses
forms to input/alter data.

In order to get to these web pages a user has to authenticate. If
valid, I put a cookie on their machine that expires in 10 minutes. So
basically, they can use the forms for up to 10 minutes, from which
time they have to log back into the system.

My problem is that when the user exits the web page, they can still
hit the back button and see all the data they entered. This is a
security issue since someone could basically sit down at the same
computer and hit back to find out some vital information, assuming the
original user doesn't exit the browser.

I'm trying to set up something that prevents the client from just going
back into the secured area by hitting back. I notice that on systems
such as Wells Fargo's online banking, once you log off, you cannot hit
back to get back to your account. This is exactly what I'm trying to
do, yet I have been unable to find out how to accomplish this.

I already have all the no-cache meta options in my HTML. What would be
perfect would be if there were a perl/CGI function that could detect
if the user is going back to the .cgi file via the back button and
then act how you choose. However, I feel there should be an even
easier way about this.

Any ideas?


Thank you,
Sean Abrahams
SFSU : Fiscal Affairs Business Systems
[EMAIL PROTECTED]
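
One way to get the behaviour asked about above, as an added example that is not part of the original post: send the no-cache directives as real HTTP response headers, and have every request to the protected .cgi check a server-side session record that logout deletes. The cookie name `sid`, the `/login.cgi` path and the in-memory `%sessions` store are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example; the cookie name, paths and session store are hypothetical.
use strict;
use warnings;

my $TTL = 600;   # 10-minute lifetime, as in the post
my %sessions;    # server-side store (in memory for this demo): id => expiry epoch

# Cache directives sent as HTTP headers on every protected response.
# <meta> tags are never seen by proxies and browsers treat them inconsistently.
sub no_store_headers {
    return (
        "Cache-Control: no-store, no-cache, must-revalidate, private",
        "Pragma: no-cache",
        "Expires: 0",
    );
}

# Extract the session id from the Cookie request header ($ENV{HTTP_COOKIE}).
sub session_id_from_cookie {
    my ($cookie_header) = @_;
    my $c = defined $cookie_header ? $cookie_header : '';
    return $c =~ /(?:^|;\s*)sid=([A-Za-z0-9]+)/ ? $1 : undef;
}

# Valid only if the server still holds the record and it has not expired.
# The cookie alone proves nothing: it stays in the browser after logout.
sub session_valid {
    my ($sid, $now) = @_;
    return 0 unless defined $sid && exists $sessions{$sid};
    return $sessions{$sid} > $now ? 1 : 0;
}

# Logout removes the server-side record, so a replayed cookie is rejected.
sub logout { my ($sid) = @_; delete $sessions{$sid} if defined $sid; return; }

# Build the CGI response for a request to a protected form.
sub handle_request {
    my ($cookie_header, $now) = @_;
    my @h = no_store_headers();
    my $sid = session_id_from_cookie($cookie_header);
    return join("\n", "Status: 302 Found", "Location: /login.cgi", @h, "", "")
        unless session_valid($sid, $now);
    return join("\n", "Content-Type: text/html", @h, "", "<p>protected form</p>");
}

# Constructed demo: same cookie before and after logout (the Back-button case).
my $now = time;
$sessions{abc123} = $now + $TTL;
my $before = handle_request("sid=abc123", $now);
logout("abc123");
my $after = handle_request("sid=abc123", $now);
print "before logout: ", ($before =~ /^Content-Type/ ? "page served" : "redirected"), "\n";
print "after logout:  ", ($after  =~ /^Status: 302/  ? "redirected" : "page served"), "\n";
```

In a real deployment the session records would live in the database or a file store shared by the CGI processes, and the logout response would also expire the cookie.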

