Hi all
I added the tweak to db.cgi that prevents a user from going [back] in the browser history and doing things after logoff. However, this is easily circumvented if a user goes all the way back in the browser history to the screen where the UID/pw was first typed in; what happens is that the UID/pw is still retained in the input fields, so really anyone can still log in. Can this be fixed? Or does it require cookies?
I had added
unlink ("$auth_dir/$uid");
For the first modification, and it works fine for its purposes, but I'd like its function to be expanded if possible. .. (?)
TIA