SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,294
    Mentioned
    123 Post(s)
    Tagged
    1 Thread(s)

    Clear Cache and disable the Back Button

    OK, I've searched in the forum and I did find one answer which would partially meet my needs, but the answers from 2000, so I'm hoping a better way has arrived by now.

    The situation: I am working on an asp-based EDMS system that will be running on a secured network (customer is part of the US federal government). The customer needs to log into the secured domain, then log into the website through web-based authentication which uses session variables to control what the user has access to seeing. That all runs fine and dandy.

    The problem: The problem occurs when they log out. My code wipes out all the sesion variables so the user essentially has no access to the system if they try to do anything. The problem is the back button. It allows the user to go back and see what was done prior to logout. This is unacceptable to the customer. They would like to prevent their users from going back through the history once they log out of the system.

    Question: Is there a way to disable the back button and/or clear the cache and history (or close the browser by default) so that once our users can log out, that's it?

    I've seen answers that have said you can only close windows if you've opened them yourself(which I'd rather not have to do) and I've seen code which would overwrite the history, but still leave the cache accessible. I'd prefer an approach which will stop them from doing anything until they log back into the system.

    The system is all IE5.5 or 6 based if that helps.
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style
    Learn how to be ready for The Forums' Move to Discourse

  2. #2
    The doctor is in... silver trophy MarcusJT's Avatar
    Join Date
    Jan 2002
    Location
    London
    Posts
    3,509
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1) You can't disable fundamental browser features like forwards and backwards navigation.

    2) You can't clear the cache - only the user can do this.

    3) You can use a flaw in the security model of IE 5/6 (assuming it hasn't been fixed with a patch yet) to allow a window to close itself. See here:
    http://www.sitepointforums.com/showt...threadid=69983


    Does that help?
    MarcusJT
    - former ASP web developer / former SPF "ASP Guru"
    - *very* old blog with some useful ASP code

    - Please think, Google, and search these forums before posting!

  3. #3
    SitePoint Wizard davidjmedlock's Avatar
    Join Date
    Dec 2002
    Location
    Nashville, TN USA
    Posts
    1,688
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    window.close() should work to close any browser window, whether you open it or not. Problem w/that is if you didn't open the browser, it will ask the user if they want to close it... I know that you do stuff with the back button, but I'll have to look around for it... Get back to ya ASAP.

  4. #4
    SitePoint Wizard davidjmedlock's Avatar
    Join Date
    Dec 2002
    Location
    Nashville, TN USA
    Posts
    1,688
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hm, all I could find was this:

    Code:
    <body onLoad="window.history.forward()">
    But, you probably found all the stuff I did in your search...

  5. #5
    SitePoint Guru bronze trophy blufive's Avatar
    Join Date
    Mar 2002
    Location
    Manchester, UK
    Posts
    853
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should be able to play with the HTTP/1.1 Cache-control headers (note, the real HTTP Headers, NOT anything in the HTML <head>

    You can't clear the cache, but you can prevent the browser caching the pages at all, or (less drastically) make the browser "forget" fairly quickly. Cache-control: private combined with a 5 minute expiry should do for most purposes, or Cache-control: no-store to prevent the browser storing pages altogether.

    See http://www.mnot.net/cache_docs/#CONTROL or http://www.w3.org/Protocols/rfc2616/...4.html#sec14.9 for more details

  6. #6
    SitePoint Wizard Bill Posters's Avatar
    Join Date
    Dec 2001
    Location
    UK
    Posts
    1,523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by M@rco
    ...
    3) You can use a flaw in the security model of IE 5/6 (assuming it hasn't been fixed with a patch yet) to allow a window to close itself. See here:
    http://www.sitepointforums.com/showt...threadid=69983
    Marco, I figure ten months is long enough to have formulated a response to my request for clarification (in that thread).
    So how about it then? Any chance you're gonna substantiate that claim or are you gonna just repeat it and avoid substantiating it this time too?


    It would also be good if you could (finally) get round to responding to the various questions I asked about that method in that thread.

    I'm trying to increase my knowledge on the subject, but I'm waiting for something a little more substantial than a glib claim before I believe that something is or isn't the case.


    Re: the kind of patch you refer to above:
    Would that mean that the method will no longer work at all or that the method would no longer be a security issue?

    TIA


    Of course, this request also goes out to Flawless Koder who was equally unable to substantiate the 'security issue' claim effectively (though he made the attempt).
    New Plastic Arts: Visual Communication | DesignateOnline

    Mate went to NY and all he got me was this lousy signature

  7. #7
    The doctor is in... silver trophy MarcusJT's Avatar
    Join Date
    Jan 2002
    Location
    London
    Posts
    3,509
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    See that thread for my response....
    MarcusJT
    - former ASP web developer / former SPF "ASP Guru"
    - *very* old blog with some useful ASP code

    - Please think, Google, and search these forums before posting!

  8. #8
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,294
    Mentioned
    123 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by M@rco
    2) You can't clear the cache - only the user can do this.
    Bummer. Oh well

    Quote Originally Posted by M@rco
    3) You can use a flaw in the security model of IE 5/6 (assuming it hasn't been fixed with a patch yet) to allow a window to close itself. See here:
    http://www.sitepointforums.com/showt...threadid=69983


    Does that help? [img]images/smilies/biggrin.gif[/img]
    That does help. Does exactly what I needed it to do (they wanted to close the window in the first place, but I thought it was unfriendly).
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style
    Learn how to be ready for The Forums' Move to Discourse


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •