Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

web page sessions

 
nikil shar
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,
i came across a web site which offered online payment option e.g credit cards etc and after making the payment i was surprised to see i could click on the "back" button and get back to the web page where i entered all my credit card details !!!
my fellow friends argued that the transaction went over https so it was secure but my problem is that i think the session should be expired after the payment has been made so no-one can go back and view the details entered ?? please throw some light on this if you can.


thanks in advance.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65111
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When the back button was clicked, the browser most likely pulled the page out of its cache. If so, the web app in question isn't properly setting headers to prevent this.
 
nikil shar
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
would you be able to give me an example where headers are set properly to avoid this ??

thanks.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65111
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Look in the "How To" section of the JSP FAQ.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic