Re: [Phpgroupware-users] Re: FAQ? and admin authentication bugs (addendum)

[Chris Weiss]

Patrick Price (address@hidden) wrote*:
>
>The other problem with the admin authentication - pages are cached:
>
>I can be in admin/config (or header admin) and select Logout.
>
>Going to /phpgroupware/setup gives me login screen.  It *appears* that I
>am logged out..
>
>Click Back button on browser (IE 5.5) to the cached admin screen.

IE's caching is way to agressive.

>
>Reload/Refresh page re-authenticates me without password and logs me
>back in somehow (hidden form vars?).  If you don't hit refresh you don't
>get reauthenticated - you'll see the page but cannot do anything without
>login screen coming back up.

When i hit "back" it tells me the page has expired.  Refresh and it asks me to
repost the form (the login form) so in effect I am logging in again.

So either I am not experiencing the same thing as you, or you have a great
missunderstanding about how web based apps and browsers work.  It's really 
rather
simple, they do what you tell them to.  You tell it to repost a form it's gonna 
do
it.  On the server there is no way at all of telling weather you clicked submit 
or
told IE to go ahead and repost through a refresh, it all looks the same.


So maybe there needs to be a blurb on the login screen wanring people to not use
back buttons?  In general back buttons are very bad in web apps.  they are not 
to
be used unless there is no other way.  I learned this many years ago and I guess
many of us take this for granted.