Educause Security Discussion mailing list archives

Re: Web page automatic time out

From: Morrow Long <morrow.long () YALE EDU>
Date: Thu, 29 May 2008 18:49:10 -0400

Here is one way -- note that it can be overcome if someone is reallydetermined, but if that isn't the problem you are trying to solve.

Use multiple META tags with output sent by a server side program toconstruct the web page (Perl, Python, ASP, PHP, etc.).

The same server side program could store any persistent values in acookie which should have an expiration date set.

0. Have the page 'expire' so that if the user goes backwards orforwards in their browser a cached page will not be shown,

        e.g. (change the date...) :

        <META HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT">

1. AND set an automatic reload/refresh in the meta-tags on the page..To refresh & reload the page every 5 minutes:

<META http-equiv="refresh" content="300;URL=https://www.college.edu/cgi-bin/foo.pl">

2. AND set a cookie with an expiration period that you check inside aserver side program (e.g. https://www.college.edu/cgi-bin/foo.pl ):

<META HTTP-EQUIV="Set-Cookie"CONTENT="oatmealcookievalue=xxx;expires=Wednesday, 21-Oct-98 16:14:21GMT; path=/">

I believe this is similar to what many banking applications due whichtime out.


H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -  Information Security Office


On May 29, 2008, at 4:38 PM, Kubb, Rick wrote:

We’re looking for a way to have specific web pages automaticallytimeout after so many minutes of inactivity. For example, if anindividual is viewing a web page with confidential information on itin a public place, say a walk-up computer at a conference, thenwalks away without closing the browser, what methods are availableto have pages automatically close??? Any thoughts on this would begreatly appreciated.
Regards,

Rick.

Rick Kubb
Director of Administrative Technology
Maryville University
650 Maryville University Drive
St. Louis, MO  63141
(314) 529-9606
rkubb () maryville edu

Attachment: smime.p7s
Description:

Current thread:

Web page automatic time out Kubb, Rick (May 29)
- <Possible follow-ups>
- Re: Web page automatic time out Sarah Stevens (May 29)
- Re: Web page automatic time out Morrow Long (May 29)
- Re: Web page automatic time out Patrick P Murphy (May 30)
- Re: Web page automatic time out Cal Frye (May 30)
- Re: Web page automatic time out Jesse Thompson (Jun 05)