7 Replies Latest reply on Mar 14, 2017 1:33 PM by ScottieG11

    Cached Browser History Allows Access Outside of Secure Session

    amandana Level 1

      HISTORY:

      Edition: RoboHelp HTML

      Version: RoboHelp 2015

       

      Our Robohelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it
      to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help.

       

      PROBLEM:

      Users are still able to access online help without having an active login session to our platform, BUT it only happens when the user has access or had access to our platform in the past and they try
      to use a URL that is cached in browser history. Specifically, users can get to online help pages they’ve accessed before, navigate within the table of contents, and click links to go to other areas of the page they have accessed. However, if they click another page in the table of contents to try to navigate to a page NOT in their browser history, they are taken to the platform login page.

       

      QUESTION:

      How can we leverage Robohelp to make it so that the cached and/or browser history is ignored, and the user is taken to the login page regardless of what is cached? Since this is at that point of cached browser content, the user is already outside our proprietary platform so we’re not sure the issue can be resolved internally within our platform.