[TYPO3-english] FE logout and browser back button
Katja Lampela
katja.lampela at lieska.net
Tue Nov 3 22:06:48 CET 2009
Hi,
bernd wilke wrote:
>> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META HTTP-EQUIV="Expires"
>> CONTENT="-1">
>
> this may force some browsers to recall that page from server, where it
> gets denied. But that will suppress all browser-/proxy-caching for every
> page. This means a lot more traffic for your server and a lot more
> waiting time for your page visitors.
Thank you. Fortunately this is not that much extra traffic, so this
is not a real problem. But good to remember.
>> So, what is your method in access restricted pages to prevent the
>> browser's back button from showing the previous page that was in the
>> restricted area? Maybe force the browser to close altogether..?
>
> you (as page provider) can do nothing. your page visitors can clear their
> browser cache (and proxy?) to prevent other computer-users to get content
> from pages they visited while logged in.
>
> how will you prevent users from accessing locally stored page information
> ('save page') after log-out?
You are right. But for a normal visitor, this just seems like a security
risk that can and should be prevented. So it looks like two options:
1. some code (that I haven't discovered yet) that prevents caching in
every browser
2. force browser close on logout
--
With kind regards
Katja Lampela
Lieska-tuotanto
www.lieska.net
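
An added example, not part of the original message and not TYPO3 code: the caching directives from the thread sent as real HTTP response headers, and only for access-restricted pages, so public pages keep their browser and proxy caching. The `$isRestricted` flag, the function names and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the cache-related response headers for one page.
 * $isRestricted is a hypothetical flag: true when the page requires a
 * logged-in frontend user. $publicMaxAge is an assumed lifetime in seconds.
 */
function cacheHeadersFor(bool $isRestricted, int $publicMaxAge = 300): array
{
    if (!$isRestricted) {
        // Public pages stay cacheable, so the extra traffic mentioned in
        // the thread is limited to the restricted area.
        return ['Cache-Control' => 'public, max-age=' . $publicMaxAge];
    }

    return [
        // no-store: browser and proxies are told not to keep any copy.
        // private: shared caches must never serve it to another user.
        'Cache-Control' => 'no-store, no-cache, must-revalidate, private',
        // Same intent as the META tags in the thread, for HTTP/1.0 caches.
        'Pragma'        => 'no-cache',
        'Expires'       => '0',
    ];
}

/** Send the headers; must be called before any page output. */
function sendCacheHeaders(bool $isRestricted): void
{
    foreach (cacheHeadersFor($isRestricted) as $name => $value) {
        header($name . ': ' . $value, true);
    }
}

// Constructed sample pages: path => access-restricted?
$pages = ['/news/' => false, '/members/report/' => true];

foreach ($pages as $path => $restricted) {
    echo $path, "\n";
    foreach (cacheHeadersFor($restricted) as $name => $value) {
        echo "  $name: $value\n";
    }
}
```

These headers only cover browser and proxy caches; a copy the visitor stored with 'save page' is not affected by them.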