cache with secure forms

eliminating the possibility of hitting the back button to get in

         

feralo

4:30 pm on Mar 31, 2006 (gmt 0)

10+ Year Member



I am in the process of trying to plan out a Content Management System and it really bugs me that after logging out, you can just hit the back button and you are back into the 'restricted' area!
The solution that I was considering was to have a processing page that handles both the login and the logout, redirecting according to the query string. Still, that doesn't seem secure... any ideas?

Also any tips (from experience) on the best procedure for planning such an application would also be appreciated.

Thanks!

coopster

11:15 pm on Mar 31, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



On a logout you should destroy all session data, which means all the information that you are checking to see if the user was logged in. On top of every restricted page area you should be starting your session and then checking to see if the user has authenticated themselves and if they have some form of logged in status. If not, redirect them to a login page rather than continue with the script which displays the page content.
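
The pattern described in the reply above, as an added example that is not part of the original thread: a guard called at the top of every restricted page and a logout routine that destroys the session. It assumes PHP's built-in sessions; the `user_id` session key, the `/login.php` path and the function names are hypothetical. The no-store headers go beyond the reply and address the cached page the back button would otherwise show.

```php
<?php
// auth.php (hypothetical file name). On each restricted page:
//   require 'auth.php'; require_login();

function send_no_store_headers(): void
{
    // Ask the browser not to keep a copy of restricted pages, so that
    // Back after logout causes a fresh request instead of a cached view.
    header('Cache-Control: no-store, no-cache, must-revalidate, private');
    header('Pragma: no-cache');
    header('Expires: 0');
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_store_headers();

    // 'user_id' is an assumed key, set by the login script on success.
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php', true, 302);
        exit; // stop here so the restricted content is never rendered
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // clear the data held for this request

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy(); // remove the server-side session data
    header('Location: /login.php', true, 302);
    exit;
}
```

The `exit` after each redirect matters: `header('Location: ...')` only queues a response header, and without `exit` the script would go on to output the restricted content.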