HTTP is a stateless protocol and the normal HTTP process flow doesn't
give you any way to detect this sort of thing.
If the user does this:
*
hits your page
*
switches to another page on another site
*
hits "back" to get back to your page
your server sees:
*
a request for your page
*
(some time later) another identical request for your page
You do not see that the user went to a third-party page in-between. In
other words, there is no message sent from the client when it "leaves"
your page; all you get are the requests when a client "arrives".
Having said that, you might be able to workaround it with some
javascript; send a "logout" request to your server that is fired by the
onunload handler. However, that is nothing to do with apache and is a
subject for a javascript forum.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
________________________________
From: Thomas J Kaiser [mailto:thomas.j.kai...@jpmchase.com]
Sent: Thursday, July 09, 2009 4:51 PM
To: users@httpd.apache.org
Subject: [us...@httpd] Using Apache with SSL and SSO
Hi,
I'm using Apache with SSL and SSO and am trying to force
apache to require a new logon when a user navigates away from a web page
and then uses the back button to return to our web page. I'm not sure
if this is something that apache could control. Can you offer any
assistance with this or direct me to some info that could help?
Thanks.
Regards,
Thomas J. Kaiser
JPMorganChase/BankOne / Abl Systems
300 South Riverside, Ill 60603
Ph: (312) 954-0933
E-mail: thomas.j.kai...@jpmchase.com
Peregrine queue - A1CBUSCREDIT
________________________________
This communication is for informational purposes only. It is not
intended as an offer or solicitation for the purchase or sale of any
financial instrument or as an official confirmation of any transaction.
All market prices, data and other information are not warranted as to
completeness or accuracy and are subject to change without notice. Any
comments or statements made herein do not necessarily reflect those of
JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission
may contain information that is privileged, confidential, legally
privileged, and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. Although
this transmission and any attachments are believed to be free of any
virus or other defect that might affect any computer system into which
it is received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable,
for any loss or damage arising in any way from its use. If you received
this transmission in error, please immediately contact the sender and
destroy the material in its entirety, whether in electronic or hard copy
format. Thank you. Please refer to
http://www.jpmorgan.com/pages/disclosures for disclosures relating to
European legal entities.
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. If you receive this message in
error, please notify the sender urgently and then immediately delete the
message and any copies of it from your system. Please also immediately destroy
any hardcopies of the message.
The sender's company reserves the right to monitor all e-mail communications
through their networks.
