I know it depends on the browser but this is a best effort thing and am looking for input on my current plan.
When user signs on send the current date/time of the client along with credentials and record the offset in the session (if any). All subsequent pages will have a hidden date/time field. On page load check that this field is within a small time frame (30s seconds), if it is not then reload the page. Are there any tools for struts2 or methods other struts programers use to address security after signing out? --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
