Gossamer Forum

overlib.js and a touchy issue

Hi

Do not know if this has been asked before. overlib.js is used for reading up to 500 characters of the mail. Now consider the following scenario:

A user logs in to his/her mail account.
Honestly logs out by clicking LogOff/Exit link.
However, in a hurry he doesn't close the browser and just leaves.

The guy who just walks in goes to the same m/c and finds the logged out window there. He/She just hits the browser back button. Now even this person can read up to 500 characters of the mail....

So how to tackle this situation... once a user logs out, hitting browser back button or respective keyboard shortcuts, the auth error should be displayed.

I am not sure if this has been asked before, but this is an interesting case.

TIA

Thanks
HyTC
==================================
Mail Me If Contacting Privately Is That Necessary.
==================================
Re: [HyperTherm] overlib.js and a touchy issue
I tried the same thing on Yahoo ... logout and then hit browser back button to get back into the account. It doesn't ... it redirects to login page. Not checked on hotmail and gmail, but gossamer mail allows one to get back from the logout page by hitting the browser back button after logging out (both cookie and no cookie).

Can this issue be taken care of in Gossamer mail also?
It needs attention from a security and privacy angle.
Tested on freemaildotgossamer-threads.com and it's the same there also, one can hit browser back button and get to read first few characters of mail after logging out from the account.

Thanks
HyTC
==================================
Mail Me If Contacting Privately Is That Necessary.
==================================
Re: [HyperTherm] overlib.js and a touchy issue
The way they are doing it is they are telling the browser not to cache any of those requests. That means if they press the back button, it re-requests the page. This increases the security, but that means there will be more load on your server (as well as bandwidth usage). We'll probably add this as a feature for the next release.

Adrian
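
The approach described in the reply above, as an added example that is not part of the thread and is not Gossamer Mail code: a minimal WSGI app that sends no-cache headers on authenticated pages and invalidates the session on the server at logout, so a Back-button re-request is redirected to login. The paths, the `sid` cookie name, the in-memory session store and the password-less `/login` are assumptions made for illustration.

```python
# Added example (constructed), not Gossamer Mail code.
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> username (in-memory, illustration only)

# Tell the browser and intermediaries not to store the response, so Back after
# logout triggers a fresh request instead of displaying a cached copy.
NO_STORE = [("Cache-Control", "no-store, no-cache, must-revalidate, private"),
            ("Pragma", "no-cache"), ("Expires", "0")]

def session_id(environ):
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return cookie["sid"].value if "sid" in cookie else None

def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    sid = session_id(environ)
    if path == "/login":  # constructed: no credential check in this sketch
        sid = secrets.token_urlsafe(16)
        SESSIONS[sid] = "demo"
        start_response("302 Found", NO_STORE + [
            ("Location", "/inbox"),
            ("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Lax; Path=/")])
        return [b""]
    if path == "/logout":
        SESSIONS.pop(sid, None)  # invalidate server side, not only the cookie
        start_response("302 Found", NO_STORE + [
            ("Location", "/login-form"),
            ("Set-Cookie", "sid=; Max-Age=0; Path=/")])
        return [b""]
    if path == "/inbox":
        if sid not in SESSIONS:  # re-request after logout lands here
            start_response("302 Found", NO_STORE + [("Location", "/login-form")])
            return [b""]
        start_response("200 OK", NO_STORE + [("Content-Type", "text/plain")])
        return [b"preview: first 500 characters of each message..."]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"please log in"]

def call(path, cookie=""):
    """Drive the app in-process; returns (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "HTTP_COOKIE": cookie}, start_response))
    return seen["status"], seen["headers"], body
```

The headers only stop the browser from showing a stored copy; the server-side session check is what makes the re-requested page fail for a logged-out session.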