Comments by Kosimek (Top 9 by date)

Kosimek 17-Feb-17 11:10am View

Upbringing? Seriously? Insulting people invites a like response. Did I miss your solution to my question in your post? Oh, no, there was none, it was just an entire rant dishing my coding style.

Kosimek 17-Feb-17 1:26am View

Peter, that is an unusual piece of English.
Perhaps, if you have nothing to contribute, you might go troll somewhere else. Does your mother know you visit adult websites?

Kosimek 16-Feb-17 19:29pm View

For someone who is not only unprepared to even suggest a solution to my question that seems to consist of one line of code (see updated post), you certainly seem willing to spend a inordinate amount of your time responding to my post in the negative.
If this were a language website and someone asked help in translating a single paragraph into German, Dutch or whatever languages I happen to speak, I would not have a problem doing so to help out. I certainly would not rate the question as spam, abusive or inappropriate, because it is none of those, nor would I suggest to have him take a course to learn the language in question which would be absurd.

At least ppolymorphe, the first person to respond, provided some helpful links although they basically boil down to the latter, go learn javascript.

It's not like I asked anyone here to write me an app, so may I suggest that next time you come across a post like mine, rather than reporting it as spam, abusive or inappropriate and getting the question removed from the list so nobody else will see it, you just move on and leave it to others to respond in a more helpful manner. And please, save your time and try not to respond again.

Kosimek 15-Feb-17 18:22pm View

@NotPoliticallyCorrect Because I received an email from the CodeProject stating:
"Your answer 'Populating an input field with multiple clicks in javascript' has been reported by Richard Deeming, Karthik Bangalore, NotPolitcallyCorrect and has been closed, with the reason being given as This post is spam, abusive or otherwise inappropriate."

There seems to be little point in keeping, what I considered a perfectly legitimate question, when some, including you, for some reason deemed it to be "spam, abusive or otherwise inappropriate"

The fact that you would even question my decision to remove the question, given that you are one of the people who deemed it so, is a mystery to me.

In addition, the email stated "Your article [...] will not be available in lists" which I can logically assume to mean that it cannot be found and therefore will not spur anyone else to actually offer a solution.

Kosimek 29-Apr-14 12:34pm View

Bob, virtually all of the people asking this same question on a plethora of forums want the same result. Once logged out, you should not be able to see previously accessed pages and should be directed back to the login page. The redirect after clicking the Back button should only occur AFTER the logout has taken place and so preventing caching on every page after login is not a solution.

There really are no concepts to be "mixed up". The computer does not know who is clicking the Back button and therefore anyone having access to a user's computer can click the back button and, where confidential information has been shown to the authenticated user, can view that information.

Would you be okay with logging out of your Gmail account only to have someone else click the back button and see your mail? Of course not. I authenticate people in my applications and once they logout, click the back button and then click on any link in any of the previous pages they will be directed back to the login page. But that is not the issue. The previous pages (retrieved from cache) should not be visible to anyone.

Your assertion that "you only need server-side authentication" to prevent "other users" from seeing someone's information appears to show that you don't grasp the problem. Clicking the Back button does not involve the server-side, it only involves the client side over which you have no control. And that is exactly where the problem lies.

I have come across only one way that works flawlessly in Firefox (assuming that javascript has not been turned off). However, most restrictions and redirects you implement in IE and Chrome back to a login page can be overcome by rapidly clicking the back button. It will even get you past non-cached page error messages.

The real problem is in the lack of a unified mechanism (i.e. browser independent and platform independent) to be able to force a redirect to a specific page. The fact that there are no real standards for browsers in the first place (not a surprise, God forbid we'd have standards!) does not help either.

Of course what everyone's is looking for can be achieved. Financial websites can do it, Hotmail can do it, Gmail and many others can do it but, after having looked for cross-browser, cross-platform solutions for 2-1/2 years, I still have not found anything that does the job. Most proffered solutions do not work at all and the one I found that does work, does not work on all browsers.

So the question still stands, if you have a cross-browser, cross-platform solution (not a php, asp, .net solution etc.) please let me know. I am all ears!

As far as your original post goes. I am new to this forum but if the header says "Solution 3" and gets 5 stars, someone must have indicated it to be a solution, unless of course every response is marked as Solution which would be rather silly. Cheers.

Kosimek 29-Apr-14 10:48am View

What an absolute rubbish. First of all, whether you doubt someone is working in a "high security situation" is irrelevant. The person asking the question is the one to decide that, not you. This issue is not about "load on your server", it is about safeguarding possible sensitive information. If all the information shown would be in the public domain there would not be a need to have a user log in, now would there.
Most of the gazillion people with this issue (including myself) come here looking for solutions to an issue, not to hear your condescending personal opinion that "this is not actually a problem". If you have nothing concrete to contribute, don't respond.

Kosimek 25-Apr-14 15:04pm View

@markovl Nothing was resolved 1.5 years ago (now 2.2 years ago). Instead of being insulting to someone posting a question to which to my knowledge no working, javascript independent, platform independent, cross-browser solution is available, I suggest that you either post such solution or refer to the page where such solution can be found.
You will do a gazillion people a big favour. I am certainly all ears!

Kosimek 25-Apr-14 14:56pm View

@Chris Bad answer. This issue has zero to do with rethinking application logic. Pages from the Back button are served from the client side and do not involve the server side where the application logic is located. 
I have been struggling with this issue for years, have tried every "solution" I have come across and most do not work at all, a few only work on some browsers. There is certainly no published, working, javascript independent, platform independent, cross-browser solution for this issue or I would have found it. 
The question posed clearly states that Back button functionality should be prevented AFTER logout. Even not caching the page is useless on most browsers since rapid clicking of the Back button will get you past most obstacles. Any javascript solution that does work can be subverted in any case by turning off javascript. 
In my apps you can still see previously viewed pages even though clicking on any link in them sends you directly back to the login page. However, these viewed pages may contain personal/sensitive information that should not be accessible to anyone just by clicking the Back button. 
It is of course possible. All banking applications and Hotmail to name some, send you back to the login page when you click the Back button, even when using rapid clicking of the Back button. How this is done is apparently a well-kept secret. 
If anyone has a REAL cross browser solution for this, I am all ears! And please don't tell me not to mess with the Back button. It's being done all the time. The question is how?

Kosimek 25-Apr-14 14:34pm View

Not a solution. The problem is not caused by clicking a link on an active page, the problem is the cached pages. These pages will not check to see if a user has logged since they are served from the client side.