Probably I'm wrong, but don't you achieve this by disabling browser caching via http headers?
2010/11/9 Ken McWilliams <ken.mcwilli...@gmail.com>: > I know it depends on the browser but this is a best effort thing and am > looking for input on my current plan. > > When user signs on send the current date/time of the client along with > credentials and record the offset in the session (if any). > > All subsequent pages will have a hidden date/time field. On page load > check that this field is within a small time frame (30s seconds), if it > is not then reload the page. > > Are there any tools for struts2 or methods other struts programers use > to address security after signing out? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > -- Maurizio Cucchiara --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
