Hi, I am trying to prevent a replay attack in my web application. Here is the problem: a user logs out from a session on a shared computer but leaves the browser open. A hacker clicks back in the browser and hits the refresh button. As a result, the authentication credentials are re-submitted and the hacker is logged in. Is there anything in J2EE security that can prevent this from happening?
Originally posted by Martin Lira: Hi, I am trying to prevent a replay attack in my web application. Here is the problem: a user logs out from a session on a shared computer but leaves the browser open. A hacker clicks back in the browser and hits the refresh button. As a result, the authentication credentials are re-submitted and the hacker is logged in. Is there anything in J2EE security that can prevent this from happening?
Thanks ML
When the user logs out, redirect him to some other page instead of forwarding the request. It should do the work.
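The redirect-on-logout advice in the reply above, sketched as a servlet. This is an added example, not code from the thread; the class name `LogoutServlet`, its `/logout` mapping in `web.xml` and the `/loggedOut.jsp` landing page are assumptions. It goes slightly beyond the reply by also invalidating the session and marking the response as non-cacheable.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. Assumed names: LogoutServlet, mapped to /logout in web.xml,
// and a static landing page at /loggedOut.jsp.
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Destroy the server-side session so the old session id is worthless,
        // even if the browser still holds it. getSession(false) avoids
        // creating a new session just to invalidate it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Expire the session cookie in the browser too. JSESSIONID is the
        // servlet spec's default name; the path is assumed to be the context
        // path, which is what containers normally use.
        String ctx = req.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        expired.setPath(ctx.isEmpty() ? "/" : ctx);
        resp.addCookie(expired);

        // Tell the browser not to keep a copy of this response.
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");

        // Redirect instead of forward: the browser makes a new GET for the
        // landing page, so a refresh there repeats that GET rather than
        // re-sending the request that was just processed.
        resp.sendRedirect(ctx + "/loggedOut.jsp");
    }
}
```

The same redirect-after-POST step in the login handler keeps the credential-bearing POST from being the request that a refresh repeats.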