[TYPO3-english] FE logout and browser back button

Katja Lampela katja.lampela at lieska.net
Tue Nov 3 22:06:48 CET 2009


Hi,

bernd wilke wrote:
>> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META HTTP-EQUIV="Expires"
>> CONTENT="-1">
> 
> this may force some browsers to recall that page from server, where it 
> gets denied. But that will suppress all browser-/proxy-caching for every 
> page.  This means a lot more traffic for your server and a lot more 
> waiting time for your page visitors.

Thank you. Fortunately the extra traffic is not that large, so this 
is not a real problem. But good to remember.


>> So, what is your method in access-restricted pages to prevent the
>> browser's back button from showing the previous page that was in the
>> restricted area? Maybe force the browser to close altogether..?
> 
> you (as page provider) can do nothing. your page visitors can clear their 
> browser cache (and proxy?) to prevent other computer users from getting 
> content from pages they visited while logged in.
> 
> how will you prevent users from accessing locally stored page information 
> ('save page') after log-out?

You are right. But for a normal visitor, this just seems like a security 
risk that can and should be prevented. So it looks like two options:
1. some code (that I haven't discovered yet) that prevents caching in 
every browser
2. force browser close on logout

-- 
  With kind regards

Katja Lampela
*Lieska-tuotanto
* www.lieska.net
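
Added example, not part of the original message or of TYPO3's own code: one way to reconcile the two points in this thread is to send no-caching HTTP response headers only on access-restricted pages, so public pages stay cacheable, and to audit a restricted response for header values that let a browser or proxy keep a copy. The function names and the sample header values are constructed for illustration; locally saved copies ('save page') are outside what headers can control.

```python
# Added example: cache headers scoped to the login area, plus an audit check.
# All names and sample values are constructed for illustration.

RESTRICTED_HEADERS = {
    "Cache-Control": "no-store, no-cache, must-revalidate, private",
    "Pragma": "no-cache",  # for HTTP/1.0 caches
    "Expires": "0",
}

def headers_for(page_is_restricted, base_headers=None):
    """Return response headers; only restricted pages lose caching."""
    headers = dict(base_headers or {})
    if page_is_restricted:
        headers.update(RESTRICTED_HEADERS)
    return headers

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}.
    Quoted arguments that contain commas are not handled here."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_restricted_response(headers):
    """Return findings for a response served inside the login area."""
    norm = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(norm.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("missing no-store: browser or proxy may keep a copy")
        if "private" not in cc:
            findings.append("not private: a shared proxy may store the page")
        max_age = cc.get("max-age")
        if max_age and max_age.isdigit() and int(max_age) > 0:
            findings.append("max-age=%s: copy reusable without asking the server" % max_age)
    if "public" in cc:
        findings.append("public: shared caches are explicitly allowed to store")
    return findings

if __name__ == "__main__":
    print(audit_restricted_response(headers_for(True)))                       # clean
    print(audit_restricted_response({"Cache-Control": "public, max-age=3600"}))
```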

