tpac: after logout, patrons can view account information by using the back button

Bug #1013300 reported by Kathy Lussier
Affects     Status         Importance   Assigned to   Milestone
Evergreen   Fix Released   High         Unassigned
2.2         Fix Released   High         Unassigned

Bug Description

Evergreen version 2.2 RC1

After logging out of tpac, if a patron uses their back button, they can view their account details. If the user then performs an action or hits reload, their account information is no longer available. Discussion in IRC suggested that a no-cache header might fix this.

Thomas Berezansky (tsbere) wrote :
tags: added: pullrequest
Bill Erickson (berick) wrote :

I've been meaning to open a ticket for this. Thanks, Kathy.

+1 to Thomas' solution.

A short term workaround would be to add something like this to the *:443 VirtualHost section of the eg.conf Apache config.

     <LocationMatch /eg/opac>
         Header set Cache-Control "no-cache, no-store, must-revalidate"
         Header set Pragma "no-cache"
         Header set Expires "-1"
     </LocationMatch>

Thomas' approach is a better long term solution, though, since it only takes effect when a user is logged in (and it will Just Work for the kpac as well).
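As an added example (not code from this bug, from Evergreen, or from any of the commenters), a small Python check that audits a response's headers for the directive set in the Apache workaround above, and models the "only when a user is logged in" variant; the `response_headers` helper and the `UNFIXED` sample headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Header set from the Apache workaround quoted in the bug.
NO_CACHE_HEADERS = {
    "Cache-Control": "no-cache, no-store, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "-1",
}
REQUIRED_DIRECTIVES = ("no-store", "no-cache", "must-revalidate")

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def expires_is_stale(value):
    """True if Expires forbids reuse: an unparseable value such as -1 or 0, or a past date."""
    if value is None:
        return False
    try:  # RFC 7234 5.3: an invalid date must be treated as already in the past
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    return when.timestamp() <= datetime.now(timezone.utc).timestamp()

def cache_problems(headers):
    """Reasons a page could be replayed from the browser cache after logout; [] means fully protected."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    problems = [f"Cache-Control lacks {d}" for d in REQUIRED_DIRECTIVES if d not in cc]
    if h.get("pragma", "").strip().lower() != "no-cache":
        problems.append("Pragma is not no-cache")
    if not expires_is_stale(h.get("expires")):
        problems.append("Expires missing or in the future")
    return problems

def response_headers(logged_in):
    """Assumed conditional variant: add the no-cache set only when a session is active."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if logged_in:
        headers.update(NO_CACHE_HEADERS)
    return headers

# Constructed sample of a pre-fix myopac response: no caching directives at all.
UNFIXED = {"Content-Type": "text/html; charset=utf-8", "Set-Cookie": "ses=EXAMPLE; path=/; secure"}
```

Running `cache_problems` over headers captured from a logged-in account page (for example with curl -I) gives a quick regression check that the no-cache set is still being sent after an upgrade.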

Michael Peters (mrpeters) wrote :

Thomas's solution works just as advertised.

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=commitdiff;h=22b453666bc06750735424f21c38cdcb76ae34cf

tpac_myopac_no_cache_signoff

tags: added: signedoff
Changed in evergreen:
importance: Undecided → High
status: New → Confirmed
Changed in evergreen:
milestone: none → 2.3.0-alpha2
Dan Scott (denials) wrote :

Tested, works, pushed to master and rel_2_2.

Thanks Thomas!

Changed in evergreen:
status: Confirmed → Fix Committed
Dan Scott (denials) wrote :

And thanks, Michael, for testing & signing-off as well!

Changed in evergreen:
status: Fix Committed → Fix Released