struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken McWilliams <ken.mcwilli...@gmail.com>
Subject Back button after log out should not show secure content.
Date Tue, 09 Nov 2010 00:00:13 GMT
I know it depends on the browser but this is a best effort thing and am
looking for input on my current plan.

When user signs on send the current date/time of the client along with
credentials and record the offset in the session (if any).

All subsequent pages will have a hidden date/time field.  On page load
check that this field is within a small time frame (30s seconds), if it
is not then reload the page.

Are there any tools for struts2 or methods other struts programers use
to address security after signing out? 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message