WebApp Sec mailing list archives
IE "refresh" method.
From: <Jason_D_Norman () Dell com>
Date: Fri, 16 Jul 2004 16:32:00 -0500
We have a strange behavior being noted on a web app. Within IE (version 6 patched to within an inch of it's life, on Windows XP), we have a page loaded that has a session timeout (via a Java method). The session timeout is set to, say, 5 minutes. After 6 minutes, if a user refreshes the page using either our "refresh" button on the page (which uses 'java.document.location.reload(true)'), or if the user uses F5 to refresh the page, the session timeout is invoked and the user is redirected to the login page. However, if the user presses the refresh / reload button in the toolbar, the page refreshes....no timeout occurs....and the session timer re-sets to 0, as though the user just clicked thru from an authenticated page. So, my question is: is there any documented difference between F5 refresh and the refresh button? I haven't found anything in MSDN, though the search is ponderous and terrifying. Any insight / info would be hugely appreciated. thanks, jason norman enterprise system test dell, inc.
Current thread:
- IE "refresh" method. Jason_D_Norman (Jul 17)
- Re: IE "refresh" method. Peter Conrad (Jul 19)
- <Possible follow-ups>
- RE: IE "refresh" method. BĂ©noni MARTIN (Jul 19)