wood burning stoves*
The moose likes Servlets and the fly likes web page sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "web page sessions" Watch "web page sessions" New topic
Author

web page sessions

nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
hi all,
i came across a web site which offered online payment option e.g credit cards etc and after making the payment i was surprised to see i could click on the "back" button and get back to the web page where i entered all my credit card details !!!
my fellow friends argued that the transaction went over https so it was secure but my problem is that i think the session should be expired after the payment has been made so no-one can go back and view the details entered ?? please throw some light on this if you can.


thanks in advance.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60800
    
  65

When the back button was clicked, the browser most likely pulled the page out of its cache. If so, the web app in question isn't properly setting headers to prevent this.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
would you be able to give me an example where headers are set properly to avoid this ??

thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60800
    
  65

Look in the "How To" section of the JSP FAQ.
 
Consider Paul's rocket mass heater.
 
subject: web page sessions
 
Similar Threads
Joining cattle drive - Payment!
Question about Part 2 assignment.
Paying issue
show a website's response on my web page
Payment Gateway - dual verification check