Security / Auth and the back button
#1

nevsie
I am looking for a good, stable library for auth on my site, and after running through the wiki I have come to the conclusion that the wiki needs a serious shake-up! Of the auth libraries on there, so many were referring to code from 2007, dead links, or libraries that improve upon other libraries, etc., etc., etc.
Conclusion: go it on my own, but learn from what we have!

The problem, for this question, is that only one of the auth libs (a paid auth lib) considers the issue of logging in, secure data, logging out and "what happens if" the user walks away: someone can click Back and start seeing the sensitive data. I know they cannot do anything apart from save the information, but they can see it, as it is stored in the cache on the browser/server.

I have seen three options for this -

Headers - stop it caching the HTML. Not all browsers play nice, and performance issues?
JS - do a JS session check. JS can be disabled, which would prevent this working.
Encrypt the URL at run time - making a one-time-only URL would work, but probably quite a few issues integrating it into CI.

So... What do people advise and do to handle this??? Advice/discussion is appreciated.
Thanks, N
#2

pickupman
I'd say it's difficult to control what a user does with their browser, but you're right, the best bet is to try to set the headers to not cache. With any luck, your users are using a browser that respects these headers.
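Putting the "headers" option from the thread into practice, here is an added example; it is not code from either post, from any of the wiki libraries, or from CodeIgniter itself. It is plain PHP using `header()` and the native session so it can be dropped into any controller; in CI, `$this->output->set_header()` would send the same headers. The function and route names (`require_login`, `logout`, `/auth/login`, the `user_id` session key) are assumptions for the illustration.

```php
<?php
// Added example, not from the thread or from CodeIgniter.
// Assumes PHP's native session and a 'user_id' key set at login (both assumptions).

/**
 * Tell the browser and any intermediate cache not to store this response.
 * 'no-store' is the directive that matters for the Back button: the browser
 * has to re-request the page instead of replaying its copy, and that request
 * then hits require_login() and is redirected if the session is gone.
 * The remaining headers cover older HTTP/1.0 caches and proxies.
 */
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 caches
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');  // already expired
    header('Vary: Cookie');                            // response differs per session
}

/**
 * Guard for any page that shows sensitive data. Must run before any output,
 * because headers cannot be sent once the body has started.
 */
function require_login(string $login_url = '/auth/login'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . $login_url, true, 302);
        exit;
    }
    send_no_store_headers();
}

/**
 * Logout that actually invalidates the server-side session and expires the
 * session cookie, so whatever Back shows, it is never a live session.
 */
function logout(string $after_logout_url = '/'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie in the browser as well as on the server.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    send_no_store_headers();  // the logout response itself must not be cached either
    header('Location: ' . $after_logout_url, true, 302);
    exit;
}

// Usage in a controller action that renders account data (hypothetical view):
//   require_login();
//   echo $this->load->view('account', $data, true);
```

Two caveats a practitioner would check: the headers only help if the logout really destroys the session (otherwise Back re-requests the page with a still-valid cookie and it renders again), and some browsers keep a page in their back/forward in-memory cache regardless of headers, so a page shown after Back may still be the old copy until the user reloads. Serving the headers on every authenticated response, not just the logout, is what keeps that window small.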
