http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10016
Ed Veal <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #22130|0 |1 is obsolete| | --- Comment #12 from Ed Veal <[email protected]> --- Created attachment 22131 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=22131&action=edit Bug 10016: force zero browser-side caching of SCO pages This patch makes the web-based self-check module pages specify that no browser (or proxy caching) occur at all. This prevents a security issue where letting the SCO session time out, then hitting the back button allowed one to view the previous patron's session. This patch adds an optional fifth parameter to output_with_http_headers(), and output_html_with_http_headers(), a hashref for miscellaneous options. One key is defined at the moment: force_no_caching, which if if present and set to a true value, sets HTTP headers to specify no browser caching of the page at all. To test: [1] Start a web-based self-check session and optionally perform some transactions. [2] Allow the session to time out (it may be helpful to set SelfCheckTimeout to a low value such as 10 seconds). [3] Hit the back button. You should not see the previous patron's self-check session. [4] Verify that prove -v t/Output.t passes. Signed-off-by: Galen Charlton <[email protected]> Signed-off-by: Ed Veal <[email protected]> -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
