
Logout a user if he/she browses to another website on the same tab.

 
Neerou Basdeo
Greenhorn
Posts: 5
Hello All,

I have a client requirement which I am finding hard to resolve. I've done searches on the net but did not find any concrete solution. The requirement goes as such:
The application is built on Spring MVC 3. When the user has logged in and is using the application, and the user switches to another website like Google.com then presses the back button of the browser (i.e. the user now accesses the application), the user should be logged out. Can anyone please advise how this requirement can be achieved?

Till now I have tried to use a filter but am unable to get the previous URL (here google.com).

Thanks in advance for any advice.


Regards,
Neerou
 
Paul Clapham
Sheriff
Posts: 21554
Just as well you can't get the URL of the previous page the user looked at; chances are that would be a security flaw. It's at least a privacy violation.

I'm curious about why that is a requirement at all. Why is it your application's business if the user decides to look at another site?
 
Neerou Basdeo
Greenhorn
Posts: 5
The application I am working on handles sensitive data. So the client does not want sensitive data to be available in case a user does not log out of the application and starts navigating elsewhere. Is it a worthwhile requirement?
 
Stephan van Hulst
Bartender
Posts: 6503
  • Likes 2
It sounds like your clients don't know enough about security to make a requirement like this. Ask them why they think they need this. Let them draw up a detailed situation where they think sensitive data may be leaked.
 
Paul Clapham
Sheriff
Posts: 21554
Perhaps the scenario is this:

1. Authorized person uses the app

2. Authorized person goes to some other site (in the same tab)

3. Authorized person leaves the computer unattended

4. Unauthorized person arrives and presses back button, sees the app

5. Unauthorized person uses the app

But then there's this scenario:

1. Authorized person uses the app

2. Authorized person leaves the computer unattended

3. Unauthorized person arrives

4. Unauthorized person uses the app

There isn't a technical fix to prevent that scenario from occurring, and yet it's much more likely than the first.
 
Tim Moores
Bartender
Posts: 3127
Companies where people leave their desk without locking their computer have a problem, in my opinion. Lots of environments actually require people to do that, by law.
 