How to implement a timeout page in Grails
I need some help dealing with timeouts in a Grails app.
Context: In my Grails application I have sensitive information being displayed. Obviously this means that someone cannot stay logged in, and if they forget to log out I need to time them out. What I have implemented now is a system like this:
- When the person logs in successfully, a session variable isValid is set to true.
- In all my controllers if a method is called that can render or redirect to a gsp, I check that value. If at any time isValid is null, they are immediately redirected to an error page.
- Each gsp has a jquery timeout function that redirects the user to a timeout error page if they time out and sets isValid to false (which should theoretically stop them from using the app anyways).
The redirects all work fine. The problem I am having is that when a user times out, they can still use the back button to return to a cached version of the last page they were on. Obviously this defeats the purpose of timing out.
Question: Does anyone know how I can prevent a user from leaving the timeout page or guarantee that once timed out they will always be redirected to the timeout page?
Thanks
> The redirects all work fine. The problem I am having is that when a user times out, they can still use the back button to return to a cached version of the last page they were on. Obviously this defeats the purpose of timing out.
Why not add an AJAX request back to your app on page load (which should be fired when a user presses the back button in the browser) that verifies the session is still valid and if not redirects the user to the timeout page? Should be simple enough.
Also, if the information is sensitive, make sure you are setting the cache / content expire related HTTP headers to let the browser know it should not cache the page(s). The drawback here is that some browsers don't fully respect these settings.
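The on-load session check suggested in the answer above, sketched as an added example that is not part of the original answer. It assumes a hypothetical `GET /session/status` endpoint returning `{"valid": true|false}` and a hypothetical `/timeout` page; the function names are illustrative as well.

```javascript
// Added example: re-check the session whenever a page is shown, including
// when the browser restores it via the back button.
// Assumptions (not from the original post): endpoint and timeout URLs below.
const STATUS_URL = '/session/status'; // hypothetical endpoint
const TIMEOUT_URL = '/timeout';       // hypothetical timeout page

// Decide what to do from the status response. Anything other than HTTP 200
// with an explicit {"valid": true} is treated as timed out (fail closed).
function sessionAction(httpStatus, bodyText) {
  if (httpStatus !== 200) return 'timeout';
  try {
    const body = JSON.parse(bodyText);
    return body && body.valid === true ? 'stay' : 'timeout';
  } catch (e) {
    return 'timeout'; // e.g. an HTML error page came back instead of JSON
  }
}

// Ask the server, bypassing the HTTP cache so a stale "valid" answer is
// never reused. fetchFn and redirectFn are injected so this runs outside
// a browser too.
async function verifySession(fetchFn, redirectFn) {
  let action = 'timeout';
  try {
    const res = await fetchFn(STATUS_URL, {
      cache: 'no-store',
      credentials: 'same-origin',
      headers: { 'X-Requested-With': 'XMLHttpRequest' },
    });
    action = sessionAction(res.status, await res.text());
  } catch (e) {
    action = 'timeout'; // network error: do not leave sensitive data on screen
  }
  if (action === 'timeout') redirectFn(TIMEOUT_URL);
  return action;
}

// Browser wiring. 'pageshow' fires on normal loads and also when the page is
// restored from the back/forward cache, where 'load' handlers do not re-run.
// location.replace() overwrites the history entry of the sensitive page.
if (typeof window !== 'undefined') {
  window.addEventListener('pageshow', () => {
    verifySession(window.fetch.bind(window), (url) => window.location.replace(url));
  });
}
```

This check only hides a stale page; the server-side session check in the controllers remains the actual enforcement, and sending `Cache-Control: no-store` on the sensitive responses reduces what the browser can redisplay in the first place.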