Return-Path: Delivered-To: apmail-xml-cocoon-users-archive@xml.apache.org Received: (qmail 95016 invoked by uid 500); 16 Aug 2001 13:14:23 -0000 Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: cocoon-users@xml.apache.org Delivered-To: mailing list cocoon-users@xml.apache.org Received: (qmail 95005 invoked from network); 16 Aug 2001 13:14:22 -0000 Message-ID: From: "Morrison, John" To: "'cocoon-users@xml.apache.org'" Subject: RE: session-invalidator and back-button? Date: Thu, 16 Aug 2001 14:13:40 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Ah, my apologies - I missed the 'logged out' bit... > -----Original Message----- > From: java guru [mailto:javacocoon@yahoo.co.in] > Sent: Thursday, 16 August 2001 2:12 pm > To: cocoon-users@xml.apache.org > Subject: RE: session-invalidator and back-button? > > > What do u mean?..the original question was "once he > logged out(which means the session is expired > purposefully) and push back button, the page is still > diplayed(from browser cache)".. > > According to this the session is programatically > expired on logout so there is no session information > stored on server..and even if the browser try to get > the page from server, it would fail as the session is > already expired... > > This is done very frequently in banking and public > email systems... > > Again correct me if wrong.. > Hey, please take it easy - it wasn't anything personal! > > > --- "Morrison, John" > wrote: > No reason - if you expire the page then it > will try > > and get it again from > > the server, if the session is still OK which keeps > > your password you won't > > be asked for it again. T'was just a though... > > > > > -----Original Message----- > > > From: java guru [mailto:javacocoon@yahoo.co.in] > > > Sent: Thursday, 16 August 2001 2:02 pm > > > To: cocoon-users@xml.apache.org > > > Subject: RE: session-invalidator and back-button? > > > > > > > > > Hi., > > > Correct me if i am wrong...why not use page > > > expiration time in http headers?.. > > > > > > > > > --- "Morrison, John" > > > > > wrote: > If you use the > > javascript:location.replace (I > > > > *think* that's what its > > > > called) I don't *believe* that the new page is > > added > > > > to the history... > > > > > > > > > -----Original Message----- > > > > > From: Enke Michael > > > > [mailto:Michael.Enke@wincor-nixdorf.com] > > > > > Sent: Thursday, 16 August 2001 1:54 pm > > > > > To: cocoon-users@xml.apache.org > > > > > Subject: Re: session-invalidator and > > back-button? > > > > > > > > > > > > > > > But if I use e-mail or banking over internet, > > > > > it is not possible to get the last page back. > > > > > And there is no extra window, the back button > > is > > > > selectable. > > > > > The server answers that an error occured or > > that > > > > > I have to login again. > > > > > > > > > > Is there a way in cocoon other than spawning > > > > another browser window? > > > > > > > > > > Michael > > > > > > > > > > Adrian Geissel wrote: > > > > > > > > > > > > Hi Michael, > > > > > > > > > > > > I believe that the only way to solve such an > > > > issue is to > > > > > 'run' the protected > > > > > > portion of your website in a spawned browser > > > > window, and > > > > > then when the user > > > > > > log's out, to close that window. This will > > > > ensure that the > > > > > Back history, > > > > > > which is local to a browser window, cannot > > be > > > > access with > > > > > permission. > > > > > > > > > > > > Hope that this helps, > > > > > > Adrian > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: Enke Michael > > > > > > > > > > To: > > > > > > Sent: Thursday, August 16, 2001 11:46 AM > > > > > > Subject: session-invalidator and > > back-button? > > > > > > > > > > > > > Hi, > > > > > > > I tryed the web-application demo from > > cocoon2 > > > > > > > where a login and logout can be performed. > > > > > > > But after logout if I press the back > > button of > > > > my browser > > > > > > > I get back into protected area without > > > > authorization. > > > > > > > How can this be avoided? > > > > > > > > > > > > > > Michael > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > Please check that your question has not > > > > already been > > > > > answered in the > > > > > > > FAQ before posting. > > > > > > > > > > > > > > > > > > To unsubscribe, e-mail: > > > > > > > > > > > For additional commands, e-mail: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > Please check that your question has not > > already > > > > been answered in the > > > > > > FAQ before posting. > > > > > > > > > > > > > > > > To unsubscribe, e-mail: > > > > > > > > > > For additional commands, e-mail: > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > Please check that your question has not > > already > > > > been answered in the > > > > > FAQ before posting. > > > > > > > > > > > > > > To unsubscribe, e-mail: > > > > > > > > > For additional commands, e-mail: > > > > > > > > > > > > > > > > > > > > > > > > > > > ============================================================== > > > ========= > > > > Information in this email and any attachments > > are > > > > confidential, and may > > > > not be copied or used by anyone other than the > > > > addressee, nor disclosed > > > > to any third party without our permission. > > There is > > > > no intention to > > > > create any legally binding contract or other > > > > commitment through the use > > > > of this email. > > > > > > > > Experian Limited (registration number 653331). > > > > Registered office: Talbot House, Talbot Street, > > > > Nottingham NG1 5HF > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > Please check that your question has not already > > been > > > > answered in the > > > > FAQ before posting. > > > > > > > > > > > > To unsubscribe, e-mail: > > > > > > > > For additional commands, e-mail: > > > > > > > > > > > > > > ===== > > > Thanks and have great day > > > srini > > > > > > > > > ____________________________________________________________ > > > Do You Yahoo!? > > > Send a newsletter, share photos & files, conduct > > polls, > > > organize chat events. Visit > > http://in.groups.yahoo.com. > > > > > > > > > --------------------------------------------------------------------- > > > Please check that your question has not already > > been answered in the > > > FAQ before posting. > > > > > > > > To unsubscribe, e-mail: > > > > > For additional commands, e-mail: > > > > > === message truncated === > > ===== > Thanks and have great day > srini > > ____________________________________________________________ > Do You Yahoo!? > Send a newsletter, share photos & files, conduct polls, > organize chat events. Visit http://in.groups.yahoo.com. > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. > > To unsubscribe, e-mail: > For additional commands, e-mail: > ======================================================================= Information in this email and any attachments are confidential, and may not be copied or used by anyone other than the addressee, nor disclosed to any third party without our permission. There is no intention to create any legally binding contract or other commitment through the use of this email. Experian Limited (registration number 653331). Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. To unsubscribe, e-mail: For additional commands, e-mail: