|
|
Posted by C. (http://symcbean.blogspot.com/) on 01/07/08 12:31
On 7 Jan, 04:36, jc...@lycos.com wrote:
> Hello,
>
> I have a form that uses a basic passphrase to ensure an employee user
> is who they say they are. One field uses 'text' as the input type and
> the other uses 'password'. When a query has been run, a user can
> click the browser back button and the name is still there intact but
> the password field is blank. My question is, what would the 'SESSION'
> code look like that would allow a user to click their back button
> where the 'userpass' field holds the original passphrase in the same
> manner the browser holds the user name within the text field?
>
> thanks very much,
> John
>
> <td>User Name:</td><td align="left"><input type="text" name="username"
> size="29" maxlength="30" value=""></td></tr>
>
> <td>User Password:</td><td align="left"><input type="password"
> name="userpass" size="29" maxlength="30" value=""></td></tr>
All bets are off when it comes to the browsers 'back' button. Even if
you've got all the caching correct, both MSIE and Firefox (and
possibly many other browsers too) maintain a two+ tier cache - if the
delay is short enough, the browser will use a cached copy of the page
REGARDLESS of the caching information sent with the page when the back
button is pressed.
You should seperate the authentication and action - either use one of
the standard HTTP authentication schemes (but not BASIC unless its
over SSL) or have a sperate login page to create a session.
C.
Navigation:
[Reply to this message]
|