Hello,

> I am making an application using CGI::App and H::T. The problem is
> that if a user logs out, then presses the Back browser button, he
> sees the page before the logout. In this case, I am just executing
> the homepage run mode without anything special. The question is what
> can I do to prevent this? Is there any special mechanism used to do
> this? This is my first "serious" web application and I don't know how
> to prevent this to happen.

I think I don't quite understand your problem. But here are my two guesses:

1) Problem: You don't want people to see the run modes of your app, if they aren't logged in.
   Solution: when you check authentication at the beginning of your app (presumably in cgiapp_prerun() ), just check if the user is allowed to call the run mode he has requested.

2) Problem: You can't determine if a user has logged out or not, therefore the homepage run mode is executed even after a user has logged out.
   Solution: Use an authentication flag, which is set to "false" if a user logs out. When checking authentication in cgiapp_prerun you simply check for that flag. If it is set to "false" then redirect the user to "Expire Page".

Hope I somehow guessed _something_ right.

Anyway, if you are starting to do "serious" web app development you should take a look at the owasp (open web application security project) site http://www.owasp.org/ and more specifically at the owasp guide http://www.owasp.org/guide/

have fun
Benjamin
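
The two suggestions above combined in one CGI::Application subclass, as an added example that is not part of the original message or of any project's code. The class name `MyApp`, the run-mode names, the `logged_in` session key, the `/tmp` session directory and the `check_credentials()` helper (to be supplied by the application) are assumptions, as is the `no-store` header, which the reply does not mention.

```perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Session;

# Run modes that may be requested without being logged in
my %PUBLIC = map { $_ => 1 } qw(login do_login expired);

sub setup {
    my $self = shift;
    $self->start_mode('home');
    $self->run_modes([qw(home login do_login logout expired)]);
}

sub cgiapp_prerun {
    my ($self, $rm) = @_;
    # Resume the session named by the cookie, or start an empty one
    my $session = CGI::Session->new(undef, $self->query, { Directory => '/tmp' });
    $self->param(session => $session);
    $self->header_add(
        -cookie => $self->query->cookie(-name => $session->name, -value => $session->id),
        # Assumption beyond the reply: without a stored copy, Back must re-request the page
        -cache_control => 'no-store',
    );
    # The authentication flag is kept server-side, so the browser cannot keep it alive
    return if $PUBLIC{$rm} || $session->param('logged_in');
    $self->prerun_mode('expired');    # serve the expire page instead of $rm
}

sub do_login {
    my $self = shift;
    my $q    = $self->query;
    # check_credentials() is a hypothetical helper the application must provide
    return $self->login
        unless $self->check_credentials(scalar $q->param('user'), scalar $q->param('pass'));
    $self->param('session')->param(logged_in => 1);
    return $self->home;
}

sub logout {
    my $self = shift;
    $self->param('session')->delete;    # drops the stored session, flag included
    return $self->expired;
}
sub teardown { $_[0]->param('session')->flush }    # persist session changes

sub home    { '<p>Home (members only). <a href="?rm=logout">Log out</a></p>' }
sub login   { '<form method="post"><input type="hidden" name="rm" value="do_login"><input name="user"><input type="password" name="pass"><input type="submit"></form>' }
sub expired { '<p>Session expired. <a href="?rm=login">Log in</a></p>' }
1;
```

Here `prerun_mode()` switches the run mode inside the same request rather than issuing an HTTP redirect; either way the protected run mode never executes for a logged-out session.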