From: Geoff T. <gta...@na...> - 2000-12-06 17:46:46
|
Dawn Stowers wrote: > I looked at your SecurePage example and it seems to be just what we are going to need. I am having one problem, though. If you successfully login, then log out, then use the Back button to return to the SecureCountVisits page and then press Reload, it asks if you want to > Repost form data? (Netscape browser). When you say yes, the user is logged in and can continue accessing the page. (I also tried this with MS InternetExplorer and get a similar behavior.) > > My guess is that the login data has been cached in the client browser but I am not sure, and I am also not sure how to fix this. I've fixed the problem. I've checked in the fixed SecurePage example into CVS, so you can get it there, or if you'd like me to email you a copy, let me know. The fix was to embed an ID number as a hidden field into the Login form that can only be used once, and store the ID number in a session variable. When the user tries to log in, you compare the ID number in the request with the ID number in the session variable, and if they don't match, you don't let them log in. -- - Geoff Talvola Parlance Corporation gtalvola@NameConnector.com |