After Logout a user is able to see cached pages that may include secure information
From: day_drummond (ddrummond@cmisinc.com)
Date: 11/04/02
- Next message: Kevin Yu: "Re: How to use WindowsPrincipal properly??"
- Previous message: Sitaraman: "Re: Certificate store: How en-/decryption with certificate private/public key?"
- Next in thread: msnews.microsoft.com: "Re: After Logout a user is able to see cached pages that may include secure information"
- Reply: msnews.microsoft.com: "Re: After Logout a user is able to see cached pages that may include secure information"
- Reply: Hans Olav: "Re: After Logout a user is able to see cached pages that may include secure information"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: ddrummond@cmisinc.com (day_drummond) Date: 4 Nov 2002 08:40:57 -0800
I have a web site that has several levels of security. The problem I
am having is when a user is logged out the browser back button lets
another user see the cached pages from the previous user. This would
not be an issue except some of the information cached may be
restricted based on security level.
When a user clicks Log Out I execute
FormsAuthentication.SignOut()
Response.Redirect("Login.aspx?ForceLogout=1")
This works fine. I want to know is there some property that can be
checked on the Application or an HTTP collection that will tell me if
the user is authenticated. I don't want to try to authenticate a user,
I just want to know if they are authenticated at the current time. I
could use a check on such a property to disallow browsing away from
the login page. I have seen suggestions to clear the browser cache or
to close the current browser and reopen the login page in a new
browser but these seem unfriendly to the user.
I am looking forward to a suggestion on how to prevent a user from
browsing back to secure information after FormsAuthentication.SignOut
has been executed.
Thanks
Daylan Drummond
Software Engineer
Election.com
- Next message: Kevin Yu: "Re: How to use WindowsPrincipal properly??"
- Previous message: Sitaraman: "Re: Certificate store: How en-/decryption with certificate private/public key?"
- Next in thread: msnews.microsoft.com: "Re: After Logout a user is able to see cached pages that may include secure information"
- Reply: msnews.microsoft.com: "Re: After Logout a user is able to see cached pages that may include secure information"
- Reply: Hans Olav: "Re: After Logout a user is able to see cached pages that may include secure information"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
