|
Posted by Jerry Stuckle on 11/01/06 12:41
crescent_au@yahoo.com wrote:
>>Nope, because Firefox is never going to your site. It's just serving
>>the page up locally.
>>
>>You can set the page to expire immediately - but even that is only a
>>recommendation to the browser - not a requirement.
>>
>>The only solution is to close the browser after logging off.
>>
>
>
> So doesn't that mean my website is insecure? People can just go back
> and access the pages inspite of being logged out. But how come lot of
> other websites I have accessed are loggout out properly? That's why I
> thought it's something to do with my code.
>
No, it's not insecure. It means they've just gone back to the browser
cache and displayed the page.
Just make sure all of your pages which you want to be accessed only by
logged on people are protected. Then any actions they take after
logging off (even if they go back to a previous page) will be rejected.
The only danger would be if they log off and leave (i.e. a public
computer) without closing their browser. In this case someone else can
come up and see your protected pages from the history. But there is no
way you can stop that.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|