• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

regarding page expire

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can someone direct me as to how I can implement security issues?
For e.g. there's an administrator login/logout option. After logout, one can easily hit the "Back" button on the browser to work on the previous pages.
These pages are accessible through the "History" option in the browser too.
What is the way for me to "Expire" the web page appropriately? I'd appreciate any feedback.
Thanks,
neeli kishore
creativesoft
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
1. Use a servlet filter or the container's inbuilt security to prevent secure URLs from being retrieved by an unauthenticated or unprivileged user.
2. Stick appropriate headers in your HTML response to try and persuade browsers and proxies not to cache the page. Having said that, it never seems to completely work with all browsers and especially proxies (MS Proxy, anyone?) What the appropriate headers are? I can never remember, because I tend to use libraries that do the job for me (e.g. in Struts you can set a nocache option). There's a Cache-Control header, some date headers you can fiddle, and so forth. See the HTTP 1.1 spec.
3. If it's really secure, use HTTPS.
- Peter
reply
    Bookmark Topic Watch Topic
  • New Topic