#1
Cookies / history
Please help!
How can I ensure that cookies / history are NEVER saved so that once my user has closed their browser window no-one else can view the same pages? Thanks
#2
Well, you really can't prevent your site being saved in the history. Generally you can set headers that will cause the browser not to cache the page, and therefore when they access it from the history a new request to the server is made.
#3
Thanks, but could you tell me exactly how to do this, nothing I've tried actually works. Cheers
#4
Yeah, I'm having the same problem; they told me to use the CFflush tag, but that's kind of vague.
#5
All you can do is ask the client program (i.e., IE (like the pun?)) to discard the data; there is no way you can enforce that. It is much better to use meaningless tokens on the client that expire in a very short period (they can be refreshed as often as the user accesses a page) and store any relevant data on the server. Anything else is insecure, period. This goes for any and all SSL connections; the client can record anything and everything in clear text.
__________________
Left DevShed May 28, 2005. Reason: Unresponsive administrators.
Free code: http://sol-biotech.com/code/.
Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Me, I just made it up
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw
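An added example (not from any poster in this thread) of what posts #2 and #5 describe: response headers that ask the browser not to cache, and an opaque, short-lived token with all data held on the server. Python, the names `SessionStore` and `sid`, and the 300-second idle timeout are assumptions, since the thread never names a platform.

```python
import secrets
import time

IDLE_TIMEOUT = 300  # seconds; assumed value, tune to the application

# Headers that ask the browser not to keep a copy of the page.
# The client may still ignore them, which is why the token below matters.
NO_CACHE_HEADERS = {
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}


class SessionStore:
    """Keeps all user data on the server, keyed by a random opaque token."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}  # token -> (expires_at, data)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def create(self, data):
        token = secrets.token_urlsafe(32)  # carries no user information
        self._sessions[token] = (self._clock() + self._idle_timeout, data)
        return token

    def load(self, token):
        """Return the session data and slide the expiry, or None if invalid."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        expires_at, data = entry
        if self._clock() >= expires_at:
            del self._sessions[token]  # expired: a replayed cookie is useless
            return None
        self._sessions[token] = (self._clock() + self._idle_timeout, data)
        return data

    def destroy(self, token):
        self._sessions.pop(token, None)  # explicit logout


def response_headers(token):
    """No-cache headers plus a session cookie with no Expires/Max-Age,
    so the browser drops it when it closes."""
    headers = dict(NO_CACHE_HEADERS)
    headers["Set-Cookie"] = f"sid={token}; Path=/; HttpOnly; Secure; SameSite=Strict"
    return headers
```

A page pulled from the browser history after the idle timeout triggers a fresh request, and the server answers it as an unauthenticated one because `load()` returns `None`.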
#6
If you have a Microsoft domain then try using roaming profiles that store that stuff on the server in the user's profile and not the local machine, and only get pushed down to the user that logged in. Actually, just having the users log into a domain and not giving them rights to other users' profiles would have the same effect unless they crack the local admin account or domain admin account. If you have a Novell server then use ZENworks with dynamic local user that deletes the local user account at log off. This all only applies if using Windows XP/2000/2003; 9x has no security built in. You could purchase a cleaning tool that will wipe those entries out at logoff and delete using DoD standards for cleansing; just do a Google search, there's plenty out there.
Last edited by juniperr : June 6th, 2004 at 10:58 AM.
#7
Quote
"Cookies / history Please help! How can I ensure that cookies / history are NEVER saved so that once my user has closed their browser window no-one else can view the same pages. Thanks"
What platform scripting e.g. or is this a user on a network?
Viewing: Dev Shed Forums > System Administration > Security and Cryptography > Cookies / history