• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Logout a user if he/she browses to another website on the same tab.

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,

I have a client requirement which am finding hard to resolve. I've done searches on the net but did not find any concrete solution. The requirement goes as such:
The application is built on Spring MVC 3. When the user has logged in and using the application, and the user switches to another website like Google.com then presses the back button of the browser (ie user now accesses the application) the user should be logged out. Can anyone please advise how this requirement can be achieved.

Till now I have tried to use a filter but am unable to get the previous URL (here google.com)

Thanks in advance for any advice


Regards,
Neerou
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just as well you can't get the URL of the previous page the user looked at, chances are that would be a security flaw. It's at least a privacy violation.

I'm curious about why that is a requirement at all. Why is it your application's business if the user decides to look at another site?
 
Neerou Basdeo
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The application am working on handles sensitive data. So the client does not want sensitive data to be available in case the a user does not log out of the application and starts navigating elsewhere. Is it a worth requirement?
 
Saloon Keeper
Posts: 15484
363
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It sounds like your clients don't know enough about security to make a requirement like this. Ask them why they think they need this. Let them draw up a detailed situation where they think sensitive data may be leaked.
 
Paul Clapham
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Perhaps the scenario is this:

1. Authorized person uses the app

2. Authorized person goes to some other site (in the same tab)

3. Authorized person leaves the computer unattended

4. Unauthorized person arrives and presses back button, sees the app

5. Unauthorized person uses the app

But then there's this scenario:

1. Authorized person uses the app

2. Authorized person leaves the computer unattended

3. Unauthorized person arrives

4. Unauthorized person uses the app

There isn't a technical fix to prevent that scenario from occurring, and yet it's much more likely than the first.
 
Saloon Keeper
Posts: 7582
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Companies where people leave their desk without locking their computer have a problem, in my opinion. Lots of environments actually require people to do that, by law.
 
Whip out those weird instruments of science and probe away! I think it's a tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic