struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maurizio Cucchiara <>
Subject Re: Back button after log out should not show secure content.
Date Tue, 09 Nov 2010 08:52:12 GMT
Probably I'm wrong, but don't you achieve this by disabling browser
caching via http headers?

2010/11/9 Ken McWilliams <>:
> I know it depends on the browser but this is a best effort thing and am
> looking for input on my current plan.
> When user signs on send the current date/time of the client along with
> credentials and record the offset in the session (if any).
> All subsequent pages will have a hidden date/time field.  On page load
> check that this field is within a small time frame (30s seconds), if it
> is not then reload the page.
> Are there any tools for struts2 or methods other struts programers use
> to address security after signing out?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Maurizio Cucchiara

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message