Closing Browser upon Logging out
Hi all,
As the so many others who posted ( and still do) voicing their concern regarding the security whole that allows users to simply click the back button to see previously displayed data. I understand they won't be able to do anything without getting prompted by the login screen again, but the fact they can see it is scarey enough. I hope this thread puts this issue to rest at least if I can summarize it, suggest the different options available, and lead prospective inquirers in the right direction. Having read all related threads in this forum, I was disappointed to see replies either circumvente, ignore, or invalidate the issue altogether. The button line is there is no proposed solution (step by step) on how to prevent this other than generic suggestions that are probably none applicable any way.
I would like to challenge the experts in this forum to respond in a conclusive manner explaining a solution on a step by step basis (e.g. Oracle by example) approach. Form what I've seen, I can either unset the session cookie and close the browser window. Or, I can use some metadata tags somewhere in the page template to expire browser cache. I prefer to do this without closing windows, but I will be content if I'm shown how to do it.
I know expiring browser cache is doeable because our PeopleSoft application and my bank does it without closing my browser.
Again, for the htmldb experts among us, step in and show us your muscles!!!
Thanks for those who took the time to reply. The meta tags did not work. I tested it in FFox and IE with no luck. However, in the process of researching this issue. I came up with these different options. It looks like this can be done on the server and client side. I will start with client side options.
1) Use of Meta tags.
This option is widely mentioned on the net. I've seen some posts indicating that not all browsers support it. This option did not work for me in FFox or IE. The suggestion is to insert these tags in the header section of the page you want to disable going back to:
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
2) Froce forward on the page
Simple (not necessarily fool-proof) but works. By putting this code in the page template header section I practically disabled 'BACK' button on all pages in the application. You can selectively put in any page you want to disable going back to. Any way, you really do not need the 'BACK' button since all branching is taken care off using items you specify.
<script language="JavaScript">
<!--
javascript:window.history.forward(1);
//-->
</script>
3) Replace current page in history.
The idea here is to disable logging the current page in the browser history. This way, user can not go back to this page. I was able to get this to work making my own page and I liked it. But I was not able (or did not know how) to get it to work with the LOGOUT link in HTMLDB. This method works when a user branches out from page A to B using a link in A. I tried using a link of my own to replace HTMLDB default logout navigator link. It worked, but I was not able to unset the cookie along with it. If you know how, please share with us.
No back button when you do this.
you can see an this implemented here http://www.4guysfromrolla.com/webtech/111500-1.2.shtml
4) Close browser upon logging off.
Last resort. I got it to work in IE but not FFox. In the later, you can not close window unless it was opened from the same script. I did not mind this method, it is just I never got it to work in FFox.
Finally, I've see some server side code to expire pages ,but I really did not have time to play with it yet.
I used the method I liked the least, but it worked. If you know how to implement any of the others, please share.
You can get more details here http://www.4guysfromrolla.com/webtech/111500-1.shtml.
Thanks.
Similar Messages
-
How can I set up a standard account to auto disconnect from the wireless network upon logging out (Using Mavericks)? There used to be a setting for this in previous versions of OSX but I can't find it in the new version.
How can I set up a standard account to auto disconnect from the wireless network upon logging out (Using Mavericks)? There used to be a setting for this in previous versions of OSX but I can't find it in the new version.
-
Getting Error 500 when pressing the backbutton of the browser after log out
I am working on a web project , and am using AJAX in my application. I need to get list of templates and events stored in the database when my page is being loaded so im using AJAX. the problem is, when i press the logout in my page and after logging out if i press the browsers back button then im getting the Http Error 500.
Regarding this issue i previously also posted but i havent get solved my problem. (may be i havent posted my source code , rather i just posted error message.).
Here is the error message of the browser,
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
java.lang.NullPointerException
com.koffee.eon.subscriber.action.TemplateNames.doPost(TemplateNames.java:66)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:416)
Here is my source code of the TemplateNames class,
package com.koffee.eon.subscriber.action;
import com.koffee.eon.subscriber.persistence.*;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.text.SimpleDateFormat;
import java.util.*;
public class TemplateNames extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String html="",html1="";
HttpSession session=request.getSession();
UserCompleteDetails sessionDetails=(UserCompleteDetails)session.getAttribute("userdetails");
System.out.println("checking session after logout"+sessionDetails);
if(sessionDetails==null)
System.out.println("session details in if condition is:"+sessionDetails);
response.sendRedirect("/login.jsp");
System.out.println("after checking "+sessionDetails);
String type=null;
type=request.getParameter("type");
String subscriberUserEONId=sessionDetails.getUserEonId();
System.out.println("subscriberUserEONId from session is: "+subscriberUserEONId);
SimpleDateFormat sdfDate=new SimpleDateFormat("yyyy-MM-dd");
SimpleDateFormat sdfTime=new SimpleDateFormat("HH:mm:ss");
TemplateManagement dbObj=new TemplateManagement();
EventManager dbObj1=new EventManager(); // for events
List templateNames=dbObj.getTemplates(subscriberUserEONId);
List eventIds=dbObj1.getEventsCompleteList(subscriberUserEONId); // for events
System.out.println("size of list of templates is:" + templateNames.size());
System.out.println("size of list of events is: "+eventIds.size()); // for events
if(type==null)
html+="<table><tr><td>Select Your Invitation Card: ";
html+="<select name=\"templateName\" class=\"cell\" onchange=getImage(this.value) onblur=checkTemplate() tabindex=\"1\">";
html+= "<option value=\"0\">Select</option>";
HashMap hmap=new HashMap();
try {
for(int i=0;i<templateNames.size();i++) {
TemplateMaster bean=(TemplateMaster)templateNames.get(i);
Integer templateid=bean.getTemplateId();
String templatepath=bean.getTemplateRelevantpath();
hmap.put(templateid,templatepath);
System.out.println("path recevied from db for template is: "+templatepath);
System.out.println("template id received from db is : "+templateid);
html+= "<option value=\"" + templateid + "\">" + templateid + "</option>";
} catch(Exception ee) {ee.printStackTrace();}
session.setAttribute("hmap", hmap);
html+="</select></td></tr><tr><td>";
System.out.println("path new is : "+html);
html+="</td>";
System.out.println(html);
html+="</td></tr><tr><td>Select an Event: ";
html+="<select name=\"eventId\" class=\"cell\">";
try {
for(int j=0;j<eventIds.size();j++) {
EventMaster bean=(EventMaster)eventIds.get(j);
String eventName=bean.getEventName();
Integer eventId1=bean.getEventId();
String eventStartDate=sdfDate.format(bean.getEventStartdate());
String eventStartTime=sdfTime.format(bean.getEventStarttime());
String eventId=eventName+" on "+eventStartDate+" at "+eventStartTime;
System.out.println("event id from database is : "+eventId1);
System.out.println("event list from database is : "+eventId);
html+= "<option value=\"" + eventId1 + "\">" + eventId + "</option>";
} catch(Exception eee) {eee.printStackTrace();}
html+="</select></td></tr></table>";
System.out.println(html);
out.println(html);
out.flush();
out.close();
if(type!=null)
html1+="</td></tr><tr><td>Select an Event: ";
html1+="<select name=\"eventId\" class=\"cell\">";
try {
for(int j=0;j<eventIds.size();j++) {
EventMaster bean=(EventMaster)eventIds.get(j);
Integer eventId1=bean.getEventId();
String eventId2=eventId1.toString();
String eventName=bean.getEventName();
String eventStartDate=sdfDate.format(bean.getEventStartdate());
String eventStartTime=sdfTime.format(bean.getEventStarttime());
String eventId=eventName+" on "+eventStartDate+" at "+eventStartTime;
System.out.println(eventId);
html1+= "<option value=\""
+ eventId2 + "\">" + eventId + "</option>";
} catch(Exception eee) {eee.printStackTrace();}
html1+="</select></td></tr></table>";
out.println(html1);
out.flush();
out.close();
}chinni wrote:
java.lang.NullPointerException
com.koffee.eon.subscriber.action.TemplateNames.doPost(TemplateNames.java:66)Do you understand when a NPE will be thrown? Some object reference at line 66 of TemplateNames.java is null while you didn't expect and you still invoke/access it. To fix this, add a nullcheck or just instantiate the reference. -
Opening OEM for two Oracle 11gR2 Databases in the same web browser automatically log out.
Hi to everyone,
I have an issue regarding Oracle Enterprise Manager in 11gR2. I have two database (SWPROD, PDPROD) in a single server. When I open the OEM URL for SWPROD it is successfully logged on but when I open the OEM URL for PDPROD and successfully logged on the other tab for SWPROD will automatically logged out. And when I switch to the other tab for PDPROD it is also automatically logged out. Both OEM URL is open in a single web browser like Mozilla Firefox. What would be the reason why both OEM URL will be logged out when I open them at the same time?
Thank you for your incoming response.Well it seems the only way to clear these out of EM was to shut BOTH RAC nodes down and power them up one at a time. Now the updates aren't shown as required and my compliance score is where it should be.
Is this a bug ? Seems pretty stupid to have to shut down both RAC nodes to fix this. Powering a single RAC node off and back on did not clear this.
Unless i'm missing something?? -
OS 10.8.5 crashes upon logging out
I'm suddenly experiencing the login window crashing on 10.8.5. It happens every time I log out. The login screen never appears, it just turns/stays gray. I have to manually shut off the mini and reboot while holding down the option key. Which I have to do repeatedly until it works, as this only succeeds a third of the time. How do I fix this?
I resolved the issue. When I Verified Disk Permissions in Disk Utility, it showed some conflict. Repair Disk Permissions corrected them and my mini no longer crashes on the login window.
-
Launching NAL object upon logging out
I would like to know if its possible to launch a NAL object when user is
logging out.
Thanks in advance,
RicardOn Mon, 16 Apr 2007 14:23:25 GMT, Ricard Malvesi Saguer wrote:
> I would like to know if its possible to launch a NAL object when user is
> logging out.
only with a scheduled action which than calls up nal with switches for the
app
Marcus Breiden
If you are asked to email me information please change -- to - in my e-mail
address.
The content of this mail is my private and personal opinion.
http://www.edu-magic.net -
Homepage, Toolbar, and Default browser settings won't stay after logging out and then back in.
We have Firefox ESR 17.0.7. Our Enterprise uses Firefox as our default. We are trying to figure out why we keep some settings and lose other settings. Upon logging out we lose settings like Home Page, Toolbar changes and making Firefox the default browser. We can set them but overnight the setting will not exist anymore. We have tried creating a new profile using the profile manager and even pointing the profile folder to a different location to see if that helps. But to no avail.
You probably do not use CCleaner, but if you do, or if you use another "clean up" tool that runs at Windows launch or shutdown, make sure to create an exception for the Firefox Profiles folder.
-
Log out botton in webpages doesn't work
When I log into a secure site and I want to log out the button doesn’t work. I have to close the browser to log out. This occurred after I installed the new version 8.0. What is the problem? Should I go back to the previous version?
Did you update to LR 6.0.1 / LR CC 2015.0.1 ?
<snip>
von Pete.Green (30. April 2015)
Today we released an update to Lightroom, Lightroom CC 2015.0.1 (Also, Lightroom 6.0.1) is now available.
This bug fix addresses issues related to launching Lightroom and accessing online help.
To Update:
Choose "Help > Updates" within Lightroom, or click Update from the Creative Cloud desktop application.
(If you're an early downloader, you may need to restart the CC Desktop application for update to show)
<snip> -
firefox keeps remembering a website and won't allow me to log out and will not return to login page. been to cookies, saved password options, says no password is saved but it is. nothing helps
It might be that you are logged in with HTTP authentication (either basic or digest). This authentication is arranged by the browser, so you would have seen a pop-up dialog asking for a user name and password while logging in. It seems that these are cached by the browser and it requires you to restart the browser to log out...
http://en.wikipedia.org/wiki/Basic_access_authentication
http://www.tolaris.com/2009/09/08/logging-out-of-http-auth-with-firefox/
Because I found that having to restart the browser quite annoying I stumbled on this question and also on the HTTP Logout add-on that allows you to log out without restarting your browser. Not many sites use HTTP Authentication, but you might give it a try.
https://addons.mozilla.org/en-US/firefox/addon/http-logout/ -
How to manage settings so account are logged out of when browser is closed.
Before the last update, when I closed the browser all of my accounts were logged out of. That is no longer the case and I don't know how to fix the settings to bring it back to the way it used to be.
I am in private browsing and tried the about:config trick where I set browser.sessionstore.privacy_level to either 1 or 2: it didn't work.There are separate downloads for the two plugins, but Adobe has made updating smoother by installing an auto-updater that handles both. It only seems to run when I restart Windows, but that might be configurable (I haven't checked). Anyway, no worries on interference, they coexist quite happily.
(When downloading any Flash player, be careful not to install unwanted additional software such as security suites...) -
I log out correctly every time making sure all windows are closed but every time i log back in a window appears saying "well this is embarrassing, we are having trouble opening your page (or something close to that, i cant remember the exact words) then at the bottom it says"this is usually due to a window being open (or close to that) then it asks me if i want to close or restore the session and it has a list of the last 2 pages i opened.
But i ALWAYS close them before logging out. Why does it keep doing this? Do we have a clever hacker or something?hello lexi, this is currently a problem in firefox when you first close all open firefox windows and then close the application afterwards - the bug should be addressed in a later version of firefox.
as a workaround in the meanwhile you could close firefox (through firefox > quit) while the browser window is still running or try this: enter about:config into the firefox location bar (confirm the info message in case it shows up) & search for the preference named '''browser.sessionstore.resume_from_crash'''. double-click it and change its value to '''false'''. -
Firefox does not log out of Gmail/Facebook when window is closed
I have set each page to not 'keep signed in' for both Gmail and Facebook (have not tried others) and yet when I close firefox and re-open, my pages are still fully logged in.
I have taken steps to clear cookies and history, close browser, open browser, log into Gmail and Facebook in new sessions and made sure the options to remain logged in were not selected and then closed the browser only to re-open and have my accounts still open.
Additionally, beyond that I have enabled the clear history when firefox closes option for 'active logins', 'cookies', and 'cache'. Still the sessions persist. This should not be possible. None of the tabs are pinned currently.
A friend, having the same settings (we think) was finding that Facebook sessions would be logged out, but his Gmail session would still be active for his inbox but attempting to reach account settings would require him to log in. In my experience, I was able to get to the account settings page without having to log in.
What is going on? How do we get Firefox to behave like it used to (like it should)?it's in about:config, browser.sessionstore.privacy_level
see this thread:
https://support.mozilla.com/en-US/questions/876494#answer-247809 -
Not all the time, but very frequently when I close a tab it stays open in the background(if it is a video, I can hear it still playing) When I exit out of the browser completely it keeps running in the background. It appears to be closed. When I try to reopen it (i.e.- double click desktop icon, got to start menu and try to open), nothing happens. I have tried to reinstall firefox during some of these times and it says the browser is open and I have to close it before installation can continue. That tells me the browser is somehow not closing when I close it, that it runs in the background with no way to control it without logging out or restarting computer. I do not have any problems like this with Internet Explorer or Google Chrome.
I only had a few addons installed, I disabled Zone Alarm toolbar, View Source Chart 3.01. I also had 5 separate java console updates/addons, and I uninstalled all but the latest java console 6.0.21. All I have now is Roboform 6.9.98, Firebug 1.5.4, Java console 6.0.21, Java quick starter 1.0. So far, so good, the problem has not occurred today. I hope this is it, I will be more sure after a few days problem free. Thanks for the info.
-
When I log into my online banking and then log out, I get a pop-up message that says my browser is trying to block me from logging out properly and recommends closing my browser to maintain security. This does not happen on any other website I log into.
Windows 7, Firefox 4.0. I have the exact same problem. Those solutions had no effect, I still get the error message described by OP.
And I also get "Firefox prevented this page from automatically redirecting to another page" as well as when I look at this page
http://www.wbir.com/weather/radar/local/default.aspx
I get "Firefox has prevented this page from automatically reloading"
I know of tools/options/general/accessibility/warn me when..., but I don't want to turn that off for all sites. Is there a way to whitelist trusted sites so only those sites will be allowed to automatically reload and redirect? -
How to close browser window after user log out
Hi,
Does anyone know how I can close browser window after user logs out. The scenario is when user clicks a log out button I will invalidate user session and close the browser right away in the backing bean.
Your help would be appreciated.Try run this and you'll see that it runs fine with no exceptions:
<%
String someText = "bla bla bla";
response.setContentType("text/plain");
response.setHeader("Content-Disposition", "attachment;filename=message.txt");
try {
ServletOutputStream os = response.getOutputStream();
os.write(someText.getBytes());
os.flush();
os.close();
} catch (Exception e) {
out.println("ERROR: " + e);
%>It looks like that after I've closed the outputStream I can't do any more processing in the JSP. Even if I remove the setContentType and setHeader methods it still behaves this way.
I'm starting to think that there's no way around this...??
Maybe you are looking for
-
Error while activating Infospoke
Hi, I have created an infospoke where i need data from infocube to be extracted to a CSV file. When i select a local file in the destination tab, the process chain facility is getting disabled BUT the background running is diabled. For the background
-
How do I get Address Book cards to show the groups that person is in?
I have set up ten groups, and get get individuals into one or more groups. But I want their individual card to also show what group(s) that person is in. Can't find a way to do that.
-
Is it possible to import messages into Mail that are in .csv format?
Just in case my previous topic subject was preventing some folks from checking this out, I'lll try to ask my question in a more generic way. I have an archive of a mailbox from another email program that I'm trying to move over to Apple Mail. My arch
-
Ingestion Performance with Out-of-line on Large Schema
I have a large and complex schema consisting of 5 XSD's and few hundred complex types and a few thousand elements. This schema will be used for loading files ranging from 50mb to 650mb. Since there are circular references and self references, I have
-
Does anyone have an idea for me?