Securing a site question


General J2EE: Securing a site question

  1. Securing a site question (1 messages)


    When a user successfully logs in, I record an attribute in the session to indicate a valid login. Subsequently, I redirect the user to a welcome page.

    Now, if the user *closes* the browser window and opens a new one, they can go to the welcome page without any problem. This strange behaviour is exhibited in firefox and Netscape.

    Is there anyway to circumvent this obvious problem? I noticed that some bank sites don't behave this way. They also seem to be using cgi's (shiver), a route I don't want to take. There must be a java/servlet solution to this problem.

    Your comment/insight is welcome.

  2. Securing a site question[ Go to top ]

    The session object should have been invalidated when user closes his window. Please make sure you have cleaned the cache/offline content in your Firefox/NE.