Hi all,
Our customer has raised a concern with our web application with the following scenario:
1. User logs in and uses application.
2. User types in new address in browser and navigates off our site without explicitly logging out.
3. User hits 'Back' button and is returned to our application with the original session still active.
I have seen many articles and postings related to controlling the browser cache and redirecting the user to the login when the session has expired or been invalidated, but nothing involving this scenario in which the session is still active. I'm not sure how to control this since we have a valid session. I am researching use of the 'Referer' header to see if this might be a reliable way to test if a request came from within our application, but I suspect this is far from fool-proof.
Anyone come across similar requirements from a customer, or have experience with using 'Referer' to control this?
Thanks for any advice.
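
The 'Referer' test considered in the post above, as an added example that is not part of the original post: it compares the header's origin with a hypothetical application origin and shows the cases where the header is absent or where a simple prefix match accepts a look-alike host. `APP_ORIGIN`, the function names and all sample header values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

APP_ORIGIN = "https://app.example.test"  # hypothetical application origin


def _origin(url):
    """Return (scheme, host, port) for a URL, filling in default ports."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def classify_referer(referer, app_origin=APP_ORIGIN):
    """Classify a Referer value as 'internal', 'external' or 'absent'.

    The header is supplied by the client, so 'internal' is a hint and
    not proof, and 'absent' covers typed addresses, bookmarks and
    clients or policies that strip the header.
    """
    if not referer or not referer.strip():
        return "absent"
    try:
        ref = _origin(referer.strip())
    except ValueError:  # malformed port or host
        return "external"
    return "internal" if ref == _origin(app_origin) else "external"


def naive_check(referer, app_origin=APP_ORIGIN):
    """Prefix match, shown for contrast: it accepts look-alike hosts."""
    return bool(referer) and referer.startswith(app_origin)


# Constructed samples: (description, Referer header value or None)
SAMPLES = [
    ("link clicked inside the app", "https://app.example.test/orders/17"),
    ("link on another site", "https://other.example.test/page"),
    ("look-alike host", "https://app.example.test.evil.example/x"),
    ("explicit default port, mixed case", "https://APP.example.test:443/"),
    ("typed address, bookmark or stripped header", None),
]

if __name__ == "__main__":
    for label, value in SAMPLES:
        print(f"{label:45} strict={classify_referer(value):9} "
              f"naive={naive_check(value)}")
```
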