On Sunday, May 5, 2002, at 11:20 , Teresa Raymond wrote:
> I have the following script to logout, but when you push the back button
> on the browser you can have access to the database. I would like that
> not to happen.
the two strategies that I can think about are
a) put an expire on all your pages
{ timing is a bit tricky here }
b) solve the 'active session' problem - so that
as a part of your 'log out' sequence - you destroy
the 'session' with the cache.... Hence any back
button trick would reference a 'session value' in the
'hidden field' that is no longer cached on the server
as being an active session - hence forcing a re-validate-user event.
the problem here is that the 'page' is most likely cached,
which is OK - since that allows the user to 'back button'
to prior pages that contain the information they were
doing the initial query for....
ciao
drieux
---
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
