Participant
March 2, 2017
Question

Cached Browser History Allows Access Outside of Secure Session


HISTORY:

Edition: RoboHelp HTML

Version: RoboHelp 2015

Our RoboHelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help.

PROBLEM:

Users are still able to access online help without having an active login session to our platform, BUT it only happens when the user has access or had access to our platform in the past and they try to use a URL that is cached in browser history. Specifically, users can get to online help pages they’ve accessed before, navigate within the table of contents, and click links to go to other areas of the page they have accessed. However, if they click another page in the table of contents to try to navigate to a page NOT in their browser history, they are taken to the platform login page.

QUESTION:

How can we leverage RoboHelp to make it so that the cached and/or browser history is ignored, and the user is taken to the login page regardless of what is cached? Since this is at that point of cached browser content, the user is already outside our proprietary platform so we’re not sure the issue can be resolved internally within our platform.

This topic has been closed for replies.

3 replies

Known Participant
April 4, 2018

Hi Amanda, when you wrote this post was your company using RoboHelp Server?

amandanaAuthor
Participant
April 5, 2018

No, we were not using the RoboHelp server.

Known Participant
April 5, 2018

Is there a setting in RoboHelp that does this (below) or did Developers have to create code?

"Our RoboHelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help."

Known Participant
March 6, 2017

Morning,

I was redirected here as we have a question regarding how to set up our online help in the cloud so that users don't have to log in. How did you guys set up your help icons to redirect users? Did you use a token or cookie to verify they were logged in? How do you manage the user names/passwords? Here's our post:

Re: Securing Our Help on a Cloud Server

While reading your post, I noted you have a similar browser cache issue we encountered. We created a master page and put the meta cache tags in the HTML (we also assigned the CSS to it to spare ourselves from attaching it to each topic). We then assign the master page to each page in the project when we compile. Seems to work well.

Huge thanks for your time and help!

Scottie G.

TXTechWriter
Inspiring
March 14, 2017

Is this online help for a software application? Is the help published to a cloud server then accessed from the application?

Known Participant
March 14, 2017

Yes, this is help for three different applications. One is a PowerBuilder application and the other two are web applications. The applications will authenticate the users. We don't want to get into maintaining usernames/passwords esp since our software is deployed in campus environments where turnover can be high. We are setting the applications' help icons up so that when the user clicks them, they will access the cloud server where our help files will live. Our developers have been looking at using link redirects that include a cookie or token, certificate-based authentication, or encrypted URL query string values that include our own key. We were looking to see how others were handling it and if anyone had any recommendations!

Community Expert
March 2, 2017

I think this is a browser/webserver issue, not something RH really has any control over.

I believe you can turn off caching on the web server, so perhaps talk to your server guys about that.

There are also meta nocache tags you could try, but there seems some doubt about how reliable they are.

There's a bit of a discussion here, but I admit I get somewhat lost.

html - Using <meta> tags to turn off caching in all browsers? - Stack Overflow
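
The server-side approach suggested above (turning off caching in HTTP response headers rather than relying on meta tags), sketched as an added example that is not part of the original thread or of RoboHelp. The cookie name `platform_session`, the `/help/` and `/login` paths, and the in-memory session set are assumptions made for illustration.

```python
from urllib.parse import quote

# Assumed stand-in for the platform's real session store (constructed value).
ACTIVE_SESSIONS = {"constructed-session-id"}
# Headers that tell browsers and proxies not to keep a copy of the response.
NO_STORE = [("Cache-Control", "no-store, max-age=0"),
            ("Pragma", "no-cache"),      # for HTTP/1.0 caches
            ("Expires", "0")]
CACHE_HEADERS = {"cache-control", "pragma", "expires"}

def has_session(environ):
    """True if the request carries a session cookie known to the platform."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "platform_session" and value in ACTIVE_SESSIONS:
            return True
    return False

def guard_help(app):
    """WSGI middleware: require a session for /help/ and forbid caching it."""
    def wrapped(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith("/help/"):
            return app(environ, start_response)
        if not has_session(environ):
            # Send the user to the login page, remembering the local path.
            target = "/login?next=" + quote(path, safe="")
            start_response("302 Found", [("Location", target)] + NO_STORE)
            return [b""]
        def start_no_store(status, headers, exc_info=None):
            # Drop any caching headers the help app set, then add no-store.
            kept = [(k, v) for k, v in headers if k.lower() not in CACHE_HEADERS]
            return start_response(status, kept + NO_STORE, exc_info)
        return app(environ, start_no_store)
    return wrapped

def help_app(environ, start_response):
    """Stand-in for the published help output; note its cacheable header."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "max-age=3600")])
    return [b"<h1>Help topic</h1>"]

def call(app, path, cookie=""):
    """Invoke a WSGI app with a minimal constructed request."""
    seen = {}
    def sr(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    env = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "HTTP_COOKIE": cookie}
    return seen, b"".join(app(env, sr))
```

Headers like these only affect responses served after they are in place; copies a browser stored earlier stay in its cache until they expire or are cleared.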