myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerald Müllan" <bierbra...@gmail.com>
Subject Re: STATE_SAVING_METHOD client security
Date Sun, 24 Sep 2006 21:30:50 GMT
Hi,

never had this requirement, but you can hang in a javascript function
after hitting the back button and delete the state which is saved on
the client.

E.g. the dojo toolkit has a nice mechanism to pointcut in between.

But it is just a quick thought, don`t know if it would work correctly :)

cheers,

Gerald

On 9/24/06, fischman_98 <mfischer@powerconsultantsinc.com> wrote:
>
> I am using STATE_SAVING_METHOD set to client.  I have a session scoped bean
> that performs login/logout methods and has two properties with public
> getter/setters, username & password.
>
> The problem:
> 1. A user logs in successfully, does some work, logs out.
> 2. The session is invalidated when the user logs out.
> 3. Hit the browser back button until the user gets to the login page again,
> hit refresh, the user is logged in again without re-entering login
> information.
>
> Is this due to the session state being saved on the client within the view?
>
> More importantly, is there anyway to keep the successful login from
> happening with state_saving_method=client?
>
> Thanks.
>
>
> --
> View this message in context: http://www.nabble.com/STATE_SAVING_METHOD-client-security-tf2327841.html#a6476069
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
>


-- 
http://www.irian.at

Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces

Mime
View raw message