All pages are JSPs.
After added the samilar user check on sessionFilter.java class, now all
"back" action after logout will be directed to login page.
In this way, I don't need to add user check on each JSP pages.
Thanks for the hint.
Michael Jouravlev <[EMAIL PROTECTED]> wrote: D
Or use container managed security (which, I think, can be used for
static as well as dynamic content?)... Like I said, there are a lot of
options... ;-)
Michael Jouravlev wrote:
Did you say pages are static (HTML)? Or they are JSPs? Or does request
pass through Struts action? If they are not p
Did you say pages are static (HTML)? Or they are JSPs? Or does request
pass through Struts action? If they are not plain HTML, then in your
action or in JSP page check if user is logged in. If not, redirect to
login page.
Here is the simple scriptlet, that you should stick in the beginning
of ever
x27;t know whether this is possible with struts.
- Original Message -
From: "info3853 Bush" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List"
Sent: Thursday, December 01, 2005 8:32 PM
Subject: Re: How to prevent URL cached
Yes, I did that. Now all pages a
Yes, I did that. Now all pages are blank. What I really wish is that after
logout, when user hit "back" button, the page goes back to login page, never
visit all pages visited before even just blank page now.
Michael Jouravlev <[EMAIL PROTECTED]> wrote: On 12/1/05, info3853 Bush wrote:
> That's
On 12/1/05, info3853 Bush <[EMAIL PROTECTED]> wrote:
> That's true. This topic belongs to web application security.
>
> The thing is that all static content are shown when you used the "back"
> button. Of course, you can't click any link since the session is already
> invalidated.
Mark page as
That's true. This topic belongs to web application security.
The thing is that all static content are shown when you used the "back"
button. Of course, you can't click any link since the session is already
invalidated.
Normally, you do all access control through the BaseAction class s
info3853 Bush wrote:
I noticed that in many web applications, after you logout from the application, you can
still use the browser "back" button to view some pages you supposely
shouldn't. Some web applications, like gmail, if you logout, and click the back, it will
always redirect the pa
8 matches
Mail list logo
