Bear Bibeault wrote:Why on earth would you want to expire the session just because the user refreshed the window?
I have seen some internet banking sites doing that. If you click on the refresh button/ back button of the browser a message is displayed saying that "because of security reasons back and refresh are disabled" and you will be automatically logged out of the site. I did not understand the reason for that though. Are back and refresh a threat to security in a secure web-app??
If I'd had more time, I would have written a shorter letter. -T.S. Eliot such a short, tiny ad:
create, convert, edit or print DOC and DOCX in Java