Security Fix for logoff.php

for osCommerce Online Merchant v2.2

This has been bothering me for ages. There is a glitch in the log off system of osc that allows a person to click the back button on a browser and reload the last expired page, which could be something private like the account details page. They can see a person's account info etc. The default osc logoff.php just needs a small piece of code added to destroy the session and redirect / refresh the logout page once, so that if the back button is clicked the logout page will stay locked in a loop and will not go back to any previous cached page in the history.

IN catalog/logoff.php near the top FIND:

    require('includes/application_top.php');

JUST BELOW it ADD this code:

    // BEGIN LOGOFF BACK BUTTON SECURITY FIX
    // Do not let the customer use back button or refresh to go back after logoff
    if (tep_session_is_registered('customer_id')) {
      //$navigation->set_snapshot();
      tep_session_destroy(); // disabled above line and changed to destroy so cannot hit back button and see potentially private info
      tep_redirect(tep_href_link(FILENAME_LOGOFF, '', 'SSL')); // changed to FILENAME_LOGOFF instead of FILENAME_DEFAULT ... lock in loop
    }
    // END LOGOFF BACK BUTTON SECURITY FIX

Now if say someone leaves their browser open and someone else comes along and hits the back button to Snoop! ... no matter how many times they click it ... the Logoff Page just refreshes itself because the session is permanently destroyed and the page is telling itself not to do anything but refresh or allow them to continue on somewhere else.

NOTE: No file attached
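The following is an added example, not code from osCommerce or from the post above. It shows the same logoff idea as a standalone PHP script using plain PHP sessions instead of the tep_session_* helpers, and adds the part a practitioner usually wants alongside session destruction: Cache-Control headers, because the back button replays the browser's cached copy of a page without contacting the server, so destroying the session on its own does not stop a cached account page from being displayed. The path in $logoffUrl is a placeholder for this example.

```php
<?php
// Added example (not osCommerce's code): a back-button-safe logoff handler.
// Part 1: destroy the server-side session and expire the session cookie.
// Part 2: send no-store headers so the browser does not keep a cached copy.
// Assumptions: plain PHP sessions; $logoffUrl is a hypothetical path.

function send_no_store_headers(): void {
    // These headers belong on every page that shows private data (account,
    // address book, order history), not only on the logoff page itself.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
}

function destroy_current_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }
    $_SESSION = [];
    // Expire the session cookie so the old session id is not sent again.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
send_no_store_headers();

$logoffUrl = '/logoff.php'; // hypothetical location of this script

if (isset($_SESSION['customer_id'])) {
    // Same shape as the post's fix: destroy, then redirect back to logoff so
    // the next request arrives with no customer session at all.
    destroy_current_session();
    header('Location: ' . $logoffUrl, true, 303);
    exit;
}

echo 'You have been logged off.';
```

The redirect handles the server side; the no-store headers handle the browser side. Sending them from account pages as well as from logoff.php is what keeps a clicked back button from showing a cached copy of account details after the session is gone.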
