cocoon-users mailing list archives

From Joerg Heinicke <joerg.heini...@gmx.de>
Subject Re: cocoon.exit();
Date Mon, 18 Sep 2006 17:55:33 GMT
On 18.09.2006 15:20, jantje wrote:

> But, I don't want users to go back after a "logout".. because there is
> still private information visible..
> So, beside invalidating the continuations.. is it possible to avoid people
> using the "go back" button?

This is nothing anybody could ever expect to be handled by a server-side
framework as the framework has no influence on the browser itself. So
also continuations won't allow you to handle this.
But there are some things you can do to work around the limitation:

1. The most ugly one is to delete the browser's history using JavaScript.
As this is not possible directly you have to do some ugly hacks. Besides
this it patronizes the users and is bad from a usability point of view.

2. You can provide the user a window without a navigation bar. This 
solution won't work for "qualified" users as they might be able to get 
the nav bar back with shortcuts. Furthermore I'd still feel patronized 
and the same summary applies as for option 1. If you want to control 
exactly what the user is allowed to do, you just must not develop a webapp.

3. The best solution to secure your webapp is to provide private data 
only after a post request. On going backwards to such a page the user 
will get presented a dialog asking for resending the form (due to post 
request) - which won't work as he is no longer authenticated. I only 
don't know if all old browsers behave that way as well or if it is 
possible to retrieve the form result (maybe also in offline mode).

Regards,
Jörg
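
Added example, not part of the original message and not Cocoon code: option 3 modelled as a plain JavaScript request handler, showing that the re-POST a browser sends on "back" is refused once logout has invalidated the session on the server. The routes, credentials and session-id generator are assumptions; the example goes one step beyond the message by also sending `Cache-Control: no-store`, which asks the browser not to keep a copy of the private page.

```javascript
// Models the request handling only (no real HTTP server). All names are hypothetical.
function createApp(newSessionId) {
  const sessions = new Map(); // session id -> user name, kept on the server
  const reply = (status, body, extra = {}) =>
    ({ status, body, headers: { 'Cache-Control': 'no-store', ...extra } });

  return function handle({ method, path, sid, form = {} }) {
    if (path === '/login' && method === 'POST') {
      if (form.user !== 'alice' || form.pass !== 'constructed-demo-password')
        return reply(401, 'bad credentials');
      const id = newSessionId();
      sessions.set(id, form.user);
      return reply(200, 'logged in',
        { 'Set-Cookie': `sid=${id}; HttpOnly; Secure; SameSite=Strict` });
    }
    if (path === '/logout' && method === 'POST') {
      sessions.delete(sid); // invalidate on the server, not just in the cookie
      return reply(200, 'logged out');
    }
    if (path === '/account') {
      // Private data is never served for GET, so "back" cannot silently re-fetch it.
      if (method !== 'POST') return reply(405, 'POST required', { Allow: 'POST' });
      const user = sessions.get(sid);
      // After logout, the browser's "resend form?" re-POST ends up here.
      if (!user) return reply(401, 'not authenticated');
      return reply(200, `private data for ${user}`);
    }
    return reply(404, 'not found');
  };
}

// Walk-through: login, view, logout, then the re-POST triggered by "back".
function demo() {
  let n = 0;
  // Constructed, predictable id for the demo only; use a CSPRNG in real code.
  const handle = createApp(() => `demo-session-${++n}`);
  const login = handle({ method: 'POST', path: '/login',
    form: { user: 'alice', pass: 'constructed-demo-password' } });
  const sid = /sid=([^;]+)/.exec(login.headers['Set-Cookie'])[1];
  const view = { method: 'POST', path: '/account', sid };
  const before = handle(view);
  handle({ method: 'POST', path: '/logout', sid });
  const after = handle(view);
  const viaGet = handle({ method: 'GET', path: '/account', sid });
  return { before: before.status, after: after.status,
    viaGet: viaGet.status, cache: before.headers['Cache-Control'] };
}
```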
