httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] Using Apache with SSL and SSO
Date Fri, 10 Jul 2009 06:56:34 GMT
HTTP is a stateless protocol and the normal HTTP process flow doesn't
give you any way to detect this sort of thing.
If the user does this:

	hits your page
	switches to another page on another site
	hits "back" to get back to your page

your server sees:

	a request for your page
	(some time later) another identical request for your page

You do not see that the user went to a third-party page in-between. In
other words, there is no message sent from the client when it "leaves"
your page; all you get are the requests when a client "arrives".
Having said that, you might be able to workaround it with some
javascript; send a "logout" request to your server that is fired by the
onunload handler. However, that is nothing to do with apache and is a
subject for a javascript forum.
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


	From: Thomas J Kaiser [] 
	Sent: Thursday, July 09, 2009 4:51 PM
	Subject: [users@httpd] Using Apache with SSL and SSO


	  I'm using Apache with SSL and SSO  and am trying to force
apache to require a new logon when a user navigates away from a web page
and then uses the back button to return to  our web page.   I'm not sure
if this is something that apache could control.     Can you offer any
assistance with this or direct me to some info that could help?




	Thomas J. Kaiser

	JPMorganChase/BankOne /  Abl Systems

	300 South Riverside,  Ill 60603

	Ph: (312) 954-0933



	Peregrine queue - A1CBUSCREDIT




	This communication is for informational purposes only. It is not
intended as an offer or solicitation for the purchase or sale of any
financial instrument or as an official confirmation of any transaction.
All market prices, data and other information are not warranted as to
completeness or accuracy and are subject to change without notice. Any
comments or statements made herein do not necessarily reflect those of
JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission
may contain information that is privileged, confidential, legally
privileged, and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. Although
this transmission and any attachments are believed to be free of any
virus or other defect that might affect any computer system into which
it is received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable,
for any loss or damage arising in any way from its use. If you received
this transmission in error, please immediately contact the sender and
destroy the material in its entirety, whether in electronic or hard copy
format. Thank you. Please refer to for disclosures relating to
European legal entities. 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their

View raw message