info3853 Bush wrote:
I noticed that in many web applications, after you log out from the application, you can
still use the browser "back" button to view some pages you supposedly
shouldn't. In some web applications, like Gmail, if you log out and click "back", it will
always redirect the page to the login page. Some other applications, even ones like
Ameritrade, will allow you to view some static content you just visited.
My question is whether there is any easy way in Struts to configure the application so that, after you log out, using the browser "back" button will always direct you to the login page.
As with any web application, Struts-based or otherwise, you need to
secure the content you don't want to be re-visitable after logout, and
make sure that as part of your logout processing you invalidate the
current session and any authentication credentials you have stored
elsewhere.
For example, you could have a check on each request for an
'authenticated' token or flag in the session and if it's not present,
redirect to a login page.
Unfortunately, there are too many ways to approach this kind of thing to
list here. Which are appropriate depends on your requirements. Try
googling for 'web application security'; you'll find *lots* of further
reading on the topic.
L.
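The per-request check and the logout invalidation described in the reply, as an added example that is not code from the original thread or from Struts itself. It is written against the plain Servlet API (so it applies to Struts 1 or any other framework running in a servlet container). The session attribute name "authenticated", the filter and servlet class names, the "loginPage" init-param and the /login.jsp path are all this example's own assumptions. It also adds the one thing the question itself is really about: the response headers that tell the browser not to keep a copy of the page in its history cache, which is what lets "back" show a page after logout even when the session is already gone.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical filter, mapped to every URL that must not be reachable after logout.
 * 1. Marks the response as not cacheable, so the browser and any proxy must
 *    re-request the page instead of replaying it from history.
 * 2. Redirects to the login page when the session carries no "authenticated"
 *    marker (attribute name and flag convention are this example's assumption).
 */
public class AuthAndNoCacheFilter implements Filter {
    static final String AUTH_FLAG = "authenticated";   // assumed attribute name
    private String loginPage = "/login.jsp";           // assumed default, overridable

    public void init(FilterConfig cfg) {
        String p = cfg.getInitParameter("loginPage");  // assumed init-param name
        if (p != null) loginPage = p;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set on every protected response, including the redirect below, so that
        // neither the browser's history cache nor a shared proxy keeps a copy.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");      // for HTTP/1.0 clients and proxies
        response.setDateHeader("Expires", 0);

        HttpSession session = request.getSession(false); // never create a session here
        boolean authenticated = session != null
                && Boolean.TRUE.equals(session.getAttribute(AUTH_FLAG));
        if (!authenticated) {
            response.sendRedirect(request.getContextPath() + loginPage);
            return;                                      // do not run the chain
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}

/** Hypothetical logout servlet: invalidate the session and expire its cookie. */
class LogoutServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();   // drops the "authenticated" flag with everything else
        }
        // Ask the browser to discard the session cookie as well (container default name).
        Cookie c = new Cookie("JSESSIONID", "");
        c.setMaxAge(0);
        c.setPath(request.getContextPath().length() == 0 ? "/" : request.getContextPath());
        response.addCookie(c);
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(request.getContextPath() + "/login.jsp"); // assumed path
    }
}
```

Map the filter in web.xml with a filter-mapping whose url-pattern covers the protected area (for example the Struts action extension and any JSPs that render private data) and register the logout servlet on the URL the logout link posts to. The two halves work together: invalidating the session makes a re-request fail the flag check, and Cache-Control: no-store is what forces the browser to re-request rather than render the stale copy when the user presses "back". Static content served outside the filter's url-pattern will still be viewable from history, which is the Ameritrade behaviour the question describes.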