000011652 - Back Button On Browser Causes Cache Security Issues with RSA Adaptive Authentication

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000011652
Applies To:
RSA Access Manager v4.9 SP1 Web Agent for Apache 2.2
RSA On Premise Adaptive Authentication
Webservers supporting JSP pages
Issue

Back Button On Browser Causes Cache Security Issues with RSA Adaptive Authentication
Cause

Multiple issues were resolved involving the browser back button, where enrollment page information was displayed from the browser cache even after users had logged out. Engineering has added the following to the JSP pages involved.

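<%-- Tell browsers and proxies not to reuse a cached copy of this page --%>
<% response.setHeader("Cache-Control", "no-cache"); %>
<% response.setHeader("Pragma", "no-cache"); %>
<% response.setDateHeader("Expires", -1); %>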

ct_enroll.jsp
ct_enroll_images.jsp
ct_passcode.jsp
ct_challenges.jsp
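
A check for the three headers named above, run over a raw HTTP response for one of these pages. This is an added example, not RSA's code; the sample responses and function names are constructed for illustration. An unparseable Expires value such as -1 or 0 is treated as already expired, as HTTP caches do.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses (illustrative, not captured from a real agent).
PATCHED = ("HTTP/1.1 200 OK\r\ncache-control: private, No-Cache\r\n"
           "Pragma: no-cache\r\nExpires: Wed, 31 Dec 1969 23:59:59 GMT\r\n\r\n<html>")
UNPATCHED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Expires: Thu, 01 Jan 2099 00:00:00 GMT\r\n\r\n<html>")

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def already_expired(value, now):
    """True if an Expires value is in the past; invalid dates count as expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def missing_cache_headers(raw, now=None):
    """Name each of the three anti-caching headers that is absent or ineffective."""
    now = now or datetime.now(timezone.utc)
    h = parse_headers(raw)
    directives = {d.strip().lower()
                  for v in h.get("cache-control", []) for d in v.split(",")}
    problems = []
    if "no-cache" not in directives:
        problems.append("Cache-Control")
    if "no-cache" not in [v.lower() for v in h.get("pragma", [])]:
        problems.append("Pragma")
    if not any(already_expired(v, now) for v in h.get("expires", [])):
        problems.append("Expires")
    return problems

if __name__ == "__main__":
    for label, raw in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(label, missing_cache_headers(raw) or "ok")
```
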

Resolution

The pages were changed in hot fix 4.9 SP1 for agents that support JSP pages. Contact RSA Customer Support and request hot fix 4.9.1.09.

Legacy Article ID: a56028
