[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Oct 2 14:18:59 CEST 2015 

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #31 from Marc Véron <veron at veron.ch> ---
(In reply to Kyle M Hall from comment #30)
> (In reply to Katrin Fischer from comment #29)
> > I tested a few times - maybe it's a firefox thing? I was using Firefox in
> > Ubuntu. It was described as a privacy measure to not request pages not
> > cached automatically again.
> 
> I also was testing this patch using Chrome and Firefox on OS X. My
> experience is that some pages would give the "cache miss" error in both
> browsers and some would just redirect to the login screen.

I think that happens if the page where you crawl back to is a page that was the
result of a (log-in)form. See first point on comment #19

To reproduce (Firefox 40.1 Win / Chrome 45.0.2454.101 m / ):
- Close all browser windows to have a clear base line
- Open OPAC main page
- Log in as user AAAA with the login form at the right on the main page
- You are now on opac-user.pl
- Go to 'your fines'
- Log out
- You are redirected to the main page
- Hit back button
- You are now on opac-account.pl, it displays the login form
- Hit back button again
- In browser address field you have .../cgi-bin/koha/opac-user.pl 
  and the browser displays a message "Document expired... Try again"
- Hit "ry again"
- Brower displays a pop-up, something like "Send data again..." 
  with buttons 'Send again' / 'Cancel'
- Hit 'Send again'

Result:
- Firefox: ...you are logged in with user AAA and can browse to other pages
- Chrome: the message on .../cgi-bin/koha/opac-user.pl says something 
  like "Confirm sendign data again" and the string  ERR_CACHE_MISS
- IE: the message on .../cgi-bin/koha/opac-user.pl says something like
  'Webite expired... local copy no longer valid...

Fazit: The patches are fine to fix things for Chrome and IE (at least the
version I tested), but with FF 40.1 I was able to get back again to a page with
a valid login.

Since the browsers behave differently (maybe additionally depending on
individual browser settings), I would like to repeat my proposition from
comment #11 (in addition to the patches):

After a logout, display a message similar to the following:
"Logout privacy warning: Please close this browser window if other persons have
access to this computer."

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the QA Contact for the bug.

More information about the Koha-bugs mailing list