Bear Bibeault wrote:Why on earth would you want to expire the session just because the user refreshed the window?
I have seen some internet banking sites doing that. If you click on the refresh button/ back button of the browser a message is displayed saying that "because of security reasons back and refresh are disabled" and you will be automatically logged out of the site. I did not understand the reason for that though. Are back and refresh a threat to security in a secure web-app??
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop