> I need a way to be able to determine the cipher strength of browsers link to
> my site. Also does anyone know how to disable the Back button within the
> browser to stop people going to the previous page?, or a way to make the
> page expire as the user leaves the page. Have any of you Apache / Tomcat
> experts got a way of stopping the user going back to the previous page ?.
There's usually a cgi environment variable (its name varies depending
on the server) that tells you the cipher strength.
There are various ways of defeating the "back" button but that's
obnoxious to the user. I'm certainly not going to encourage it.
You can defeat caching HTTP pages setting pragma: nocache and ALSO
putting an expiration date in the past and maybe 1 or 2 other things.
Read the HTTP spec and set ALL the headers that can possibly turn off
caching. Some browsers are very aggressive about caching and you have
to be very persistent to make them stop. However, when the page is
sent by HTTPS, the browser normally won't cache it, since it would be
bad to leave secret data on the HD for other people to find. If
that's what you're worried about, it's generally taken care of.