RE: Using Apache with SSL and SSO

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

HTTP is a stateless protocol and the normal HTTP process flow doesn't give you any way to detect this sort of thing.
 
If the user does this:
  • hits your page
  • switches to another page on another site
  • hits "back" to get back to your page
your server sees:
  • a request for your page
  • (some time later) another identical request for your page
You do not see that the user went to a third-party page in-between. In other words, there is no message sent from the client when it "leaves" your page; all you get are the requests when a client "arrives".
 
Having said that, you might be able to workaround it with some _javascript_; send a "logout" request to your server that is fired by the onunload handler. However, that is nothing to do with apache and is a subject for a _javascript_ forum.
 

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.


From: Thomas J Kaiser [mailto:thomas.j.kaiser@xxxxxxxxxxxx]
Sent: Thursday, July 09, 2009 4:51 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Using Apache with SSL and SSO

Hi,  

  I'm using Apache with SSL and SSO  and am trying to force apache to require a new logon when a user navigates away from a web page and then uses the back button to return to  our web page.   I'm not sure if this is something that apache could control.     Can you offer any assistance with this or direct me to some info that could help?   Thanks. 

 

Regards,

 

Thomas J. Kaiser

JPMorganChase/BankOne /  Abl Systems

300 South Riverside,  Ill 60603

Ph: (312) 954-0933

 

E-mail: Thomas.J.Kaiser@xxxxxxxxxxxx

Peregrine queue - A1CBUSCREDIT

 

This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to European legal entities.

 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message.
The sender's company reserves the right to monitor all e-mail communications through their networks.
 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux