Security Fix for logoff.php



michael_s
07-30-2009, 01:00 PM
Unfortunately this contribution offers nothing more than an illusion of security. All major browsers have a mechanism to allow the user to move back through the history several pages at a time, thus bypassing any redirect. Furthermore, in browsers with a DOM cache these pages will not be requested afresh from the server but served from the DOM cache, regardless of any anti-caching or expiry headers originally sent by the server.

Please note: no file attached


More... (http://addons.oscommerce.com/info/4280)
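
The behaviour described in the post above, seen from the defender's side: an added example (not part of the original post or of the osCommerce contribution) of a page script that re-checks the session whenever a page is shown from history instead of being requested afresh. The endpoint `/session_status.php`, its JSON shape and `/login.php` are assumptions.

```javascript
// Added example. SESSION_CHECK_URL, its JSON shape and LOGIN_URL are
// assumptions for illustration, not osCommerce paths.
const SESSION_CHECK_URL = '/session_status.php'; // assumed to return {"logged_in": true|false}
const LOGIN_URL = '/login.php';

// True when the page is shown from the back/forward cache or via a history
// traversal, the two cases where a post-logoff redirect is never re-run.
function restoredFromHistory(event, navEntries) {
  if (event && event.persisted) return true;           // restored from bfcache
  const nav = navEntries && navEntries[0];
  return Boolean(nav && nav.type === 'back_forward');  // Back/Forward navigation
}

// Ask the server for the current session state, bypassing HTTP caches.
// Any error or unexpected answer counts as "logged out" (fail closed).
async function sessionIsLive(fetchFn) {
  try {
    const res = await fetchFn(SESSION_CHECK_URL, { cache: 'no-store', credentials: 'same-origin' });
    if (!res.ok) return false;
    const body = await res.json();
    return body.logged_in === true;
  } catch (_) {
    return false;
  }
}

// Hide the restored page first, then reveal it only if the session still exists.
async function onPageShow(event, env) {
  if (!restoredFromHistory(event, env.navEntries)) return 'fresh';
  env.hide();
  if (await sessionIsLive(env.fetch)) { env.show(); return 'valid'; }
  env.redirect(LOGIN_URL);
  return 'expired';
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('pageshow', (event) => onPageShow(event, {
    navEntries: performance.getEntriesByType('navigation'),
    fetch: window.fetch.bind(window),
    hide: () => { document.documentElement.style.visibility = 'hidden'; },
    show: () => { document.documentElement.style.visibility = ''; },
    redirect: (url) => window.location.replace(url), // replace() adds no history entry
  }));
}
```

The script only controls what a restored page displays; the logoff handler still has to destroy the session on the server so that the check reports it as ended.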