Form security - clicking back in the browser

 
Is there any way to prevent the browser from remembering information entered into a form field in cached pages?

Say for instance a customer purchases an item using his credit card. After logging out from the commerce-site he leaves the computer, forgetting to close the browser window.

Now user #2 sits down at the same computer. Clicking the back button repeatedly, he eventually reaches the form that user #1 filled in with his cc-information. He quickly notes it and uses it for whatever illegal purposes.

Is there any way to prevent user #2 from obtaining the information user #1 entered?

I've tested this on the system we are using, and since the browser never issues any new requests when you click "back" there really isn't any way to handle this server-side.

Possible solutions I've come up with so far:

- Use password-fields instead of html-text. Not a feasible approach since we don't want to hide the information the user enters with *'s during entry.

- Instead of submitting the textfield directly; when the user submits, use JavaScript to set a hidden form-field to the same value the textfield had, clear the textfield and then use the information in the hidden field. Seems to be a usable approach but I'm not sure if it really solves the problem.

I get the feeling there is an easy solution out there, I just can't seem to stumble onto it.

Any insights appreciated

//Linus Nikander - linus@nikander.net
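
The second workaround listed in the post above (copy the value to a hidden field on submit, then clear the visible field), written out as an added example that is not part of the original post. It goes one step further and blanks both fields on `pageshow`, since the hidden copy would otherwise still sit in a page restored by the back button. The field names, `PAIRS` and the `checkout` form name are assumptions.

```javascript
// Added example. Field names are constructed placeholders (assumptions).
const PAIRS = [{ visible: 'cc_entry', hidden: 'cc_number' }];

// Move each typed value into its hidden twin and blank the visible field,
// so the visible control is empty in the page the browser keeps for "back".
function shuttleToHidden(form, pairs) {
  for (const { visible, hidden } of pairs) {
    const src = form.elements[visible];
    const dst = form.elements[hidden];
    if (!src || !dst) throw new Error('missing field: ' + visible + '/' + hidden);
    dst.value = src.value;
    src.value = '';
  }
}

// Blank both fields of every pair; the hidden copy would otherwise
// survive in a page restored from the back/forward cache.
function scrub(form, pairs) {
  for (const { visible, hidden } of pairs) {
    for (const name of [visible, hidden]) {
      const el = form.elements[name];
      if (el) el.value = '';
    }
  }
}

// Wire everything up. `win` is the window object, passed in so the
// function can be exercised with stand-in objects outside a browser.
function protectForm(form, pairs, win) {
  for (const { visible } of pairs) {
    const el = form.elements[visible];
    if (el) el.autocomplete = 'off'; // ask the browser not to store or refill
  }
  form.addEventListener('submit', () => shuttleToHidden(form, pairs));
  // pageshow fires on first load and again when the page is restored
  // from the back/forward cache (event.persisted === true).
  win.addEventListener('pageshow', () => scrub(form, pairs));
}

// In a page (form name "checkout" is an assumption):
//   protectForm(document.forms.checkout, PAIRS, window);
```

Because `scrub` runs on every `pageshow`, it would also clear values the server pre-filled into these fields, so it suits forms that are always rendered empty.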
 