[Seaside] Logging out from a webpage

Philippe Marschall philippe.marschall at gmail.com
Wed Aug 1 07:32:23 UTC 2007


2007/8/1, Richard Eng <richard.eng at rogers.com>:
> Damn, you're right! The would-be expired pages don't work.
>
> Okay, so it's a caching issue. But here's a potentially dangerous situation:
> What if the would-be expired pages contain sensitive, private information?
> If you logout and walk away, someone can go to your computer, click the Back
> button and see your info. This is not good.

This is a browser issue. HTTPS pages are in general not cached and
you wouldn't want sensitive, private information to be sent
unencrypted over the internet anyway.

> So it's not enough to merely expire your pages, you have to HIDE them...

Besides the #expire you can also do a redirect to:
self session redirectTo: self session application baseUrl

Cheers
Philippe

> Suggestions?
>
> Regards,
> Richard
>
>
> On 01/08/07, Richard Eng <richard.eng at rogers.com> wrote:
> > In Firefox, Opera, and Safari, after you perform "self session expire", you
> > can still go back to previous webpages. In IE 7 under Vista, you can't.
>
> Sure this isn't a caching issue? (Do the links on the would-be expired
> pages actually work?) The code you pasted works fine for me with 2.7
> and Safari/Firefox.

