Posted by Michael Fesser on 11/01/06 07:30

..oO(crescent_au@yahoo.com)

>So doesn't that mean my website is insecure?

No.

>People can just go back
>and access the pages inspite of being logged out.

Of course they can go back in the browser history, but if they're logged
out they shouldn't be able to do anything on that expired page anymore.

>But how come lot of
>other websites I have accessed are loggout out properly?

It's a common "problem", but usually nothing to worry about. When I log
into my webmail account to clean up my spam folder for example and then
log off, I can still go back in the browser's history. But if I then
click a link and try to access a protected page I get the message that
I'm no longer logged in.

Micha

[Back to original message]