Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Back button problem

Help
2009-01-01
2013-04-25
  • hi all,
    We have installed yawebmail, one problem we noted is that after logout if back button is clicked it displays the mail listing. although we cannot read the mail(since session expired) this is not secure in shared computers. please let us know if any workaround to this problem.

    we tried to solve this problem by making the pages non-caching using HTTP headers, but this caused another serious problem i.e after login if we click back button(when in mailsListing page) then the login data (userid,password) is posted again and session is activated...this can be dangerous. but from other pages(displayMail.jsp etc) then this problem does not arise.

    please suggest how to solve this problem.

    regards
    -yogeen

     
    • Stephan Sann
      Stephan Sann
      2009-01-01

      Hello,

      well, indeed this is an issue.

      There are many ideas on the web how to "disable" the backbutton:
      http://www.google.ch/search?hl=enl&q=disable+back+button

      In case of yawebmail you could add an aditional logout-page ("Thank you and good bye") which includes JavaScript-Magic to prevent going back (saw this approach on the page of my bank, too). But if you want to resolve the problem at all you would have to think about a holistic solution (what if the user tries to go back two steps right away (navigation history)?

      A pragmatical way to solve the problem is to clear the cache and close the browser after using yawebmail. Generally an advisable procedure if you use webapplications on a shared computer.

      Best regards
      Stephan