Vangel,

That's a well-articulated answer - I like it!
It's always a popular topic with management, so I'll be sure to bookmark this comment for future use.

Cheers!
Steve.

On 19 October 2011 18:06, Vangel V. Ajanovski <a...@ii.edu.mk> wrote:
> On 18.10.2011 16:30, Olga wrote:
>>
>> I have noticed that with the browser Back button we can see all the page history, even though you may have been logged out or logged in with another username.
>>
> The correct behaviour of a browser is to not contact the server at all when clicking the Back button, so the content should be reproduced completely from cache. So you will not see a request on the server side, nor an event. Of course the user/browser could be changed not to have a cache, but this is in the control of the user or her administrator.
>
> So, even if you follow the advice to put meta tags and response variables so that caching is disabled (or maybe lasts 0 seconds), the user/browser may choose to ignore these "hints" and *still* store the pages in cache and *still* allow the user to press the Back button and view the history.
>
> This is not a bug, it is inherent behaviour of the web itself - its philosophy.
>
> Whatever you do, it will work for ~90% of users, and it will work only if they use a controlled environment - company LAN, company desktops, laptops, maybe a home environment. For everyone that works with your website from, let's say, an internet cafe or kiosk, the computers there and the firewall and caching proxy may be set up in such a way as to *always* cache pages no matter what and to always respond with "old" content when the user asks.
>
> I am not saying that you should not try, but that you should be aware of this, and that the best solution for the other 10% is to educate everyone that critical apps should not be used in public places where you cannot trust the local admins. You should educate users that in order to be as safe as possible they should *delete browser cache and history and close all browser windows* after logging out, and especially before leaving the computer (if it's a public computer). If your personal computer has a chance of being used by someone else, you should not keep passwords, and you should regularly delete cache and session data.
>
> Also, always keep in mind that the user can press the Back button at any time, even while inside the application, and possibly ruin internal transaction processes. So you have to check for this in your application.
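The two server-side measures the thread discusses, as an added example that is not code from the thread or from Tapestry itself: the response headers that ask browsers and caches not to store a page (with a checker for whether a given header set still permits storing, following the Cache-Control rules of RFC 7234), and a one-time form token that makes a submission replayed via the Back button fail instead of re-running the transaction. Function names, the in-memory token store and the sample header sets are hypothetical and constructed for illustration.

```python
"""Added example, not from the mailing-list thread: no-store response headers
plus a one-time form token against Back-button replay. All names here are
hypothetical; header semantics follow RFC 7234 / HTTP/1.0 Pragma and Expires."""
import secrets
from typing import Dict

# Header set that asks every layer (browser, proxy, HTTP/1.0 cache) not to keep
# a copy. As the thread notes, these are requests, not guarantees: a
# misconfigured or deliberately aggressive cache can ignore them.
NO_STORE_HEADERS: Dict[str, str] = {
    "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
    "Pragma": "no-cache",  # understood by HTTP/1.0 intermediaries
    "Expires": "0",        # not a valid date; RFC 7234 treats it as already expired
}


def add_no_store_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of `headers` with the no-store directives applied."""
    out = dict(headers)
    out.update(NO_STORE_HEADERS)
    return out


def cache_control_directives(value: str) -> Dict[str, str]:
    """Parse 'a, b=1, c' into {'a': '', 'b': '1', 'c': ''}; names lower-cased,
    quoted arguments unquoted."""
    out: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"')
    return out


def response_may_be_stored(headers: Dict[str, str], shared_cache: bool = False) -> bool:
    """Decide whether a compliant cache (RFC 7234 section 3) may store the
    response described by `headers`. Only the directives relevant to the
    thread are modelled; a response with no caching headers at all is treated
    as storable, which is the browser default the thread is worried about."""
    lookup = {k.lower(): v for k, v in headers.items()}
    directives = cache_control_directives(lookup.get("cache-control", ""))
    if "no-store" in directives:
        return False
    if shared_cache and "private" in directives:
        return False
    # no-cache and max-age=0 only require revalidation before *reuse*; a
    # history list (Back button) is not obliged to revalidate, so on their own
    # they do not stop an old page from being shown again.
    return True


class OneTimeTokens:
    """In-memory store of form tokens, each valid for exactly one submission.
    A real deployment would scope this per session and persist it (hypothetical)."""

    def __init__(self) -> None:
        self._live: set = set()

    def issue(self) -> str:
        token = secrets.token_urlsafe(32)
        self._live.add(token)
        return token

    def consume(self, token: str) -> bool:
        """True the first time a token is presented, False on any replay."""
        try:
            self._live.remove(token)
        except KeyError:
            return False
        return True


def place_order(tokens: OneTimeTokens, token: str, ledger: list, item: str) -> str:
    """Hypothetical state-changing handler. A resubmission of the same form
    (e.g. Back, then Submit again) carries the already-consumed token and is
    rejected before the ledger is touched."""
    if not tokens.consume(token):
        return "rejected: stale or reused form"
    ledger.append(item)
    return "ok"
```

The header half answers Olga's question in code (what to send, and what a compliant cache is actually bound by); the token half answers Vangel's closing point that the application itself has to cope with Back being pressed mid-transaction.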