Cached Browser History Allows Access Outside of Secure Session

New Here ,
Mar 02, 2017

HISTORY:

Edition: RoboHelp HTML

Version: RoboHelp 2015

Our RoboHelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help.

PROBLEM:

Users are still able to access online help without having an active login session to our platform, BUT it only happens when the user has access or had access to our platform in the past and they try to use a URL that is cached in browser history. Specifically, users can get to online help pages they’ve accessed before, navigate within the table of contents, and click links to go to other areas of the page they have accessed. However, if they click another page in the table of contents to try to navigate to a page NOT in their browser history, they are taken to the platform login page.

QUESTION:

How can we leverage RoboHelp to make it so that the cached and/or browser history is ignored, and the user is taken to the login page regardless of what is cached? Since this is at that point of cached browser content, the user is already outside our proprietary platform so we’re not sure the issue can be resolved internally within our platform.

Adobe Community Professional ,
Mar 02, 2017

I think this is a browser/webserver issue, not something RH really has any control over.

I believe you can turn off caching on the web server, so perhaps talk to your server guys about that.

There are also meta nocache tags you could try, but there seems to be some doubt about how reliable they are.

There's a bit of a discussion here, but I admit I get somewhat lost.

html - Using <meta> tags to turn off caching in all browsers? - Stack Overflow

Community Beginner ,
Mar 06, 2017

Morning,

I was redirected here as we have a question regarding how to set up our online help in the cloud so that users don't have to log in. How did you guys set up your help icons to redirect users? Did you use a token or cookie to verify they were logged in? How do you manage the user names/passwords? Here's our post:

Re: Securing Our Help on a Cloud Server

While reading your post, I noted you have a similar browser cache issue we encountered. We created a master page and put the meta cache tags in the HTML (we also assigned the CSS to it to spare ourselves from attaching it to each topic). We then assign the master page to each page in the project when we compile. Seems to work well.

master_page.png

master_page_html.png

Huge thanks for your time and help!

Scottie G.

Participant ,
Mar 14, 2017

Is this online help for a software application? Is the help published to a cloud server then accessed from the application?

Community Beginner ,
Mar 14, 2017

Yes, this is help for three different applications. One is a PowerBuilder application and the other two are web applications. The applications will authenticate the users. We don't want to get into maintaining usernames/passwords esp since our software is deployed in campus environments where turnover can be high. We are setting the applications' help icons up so that when the user clicks them, they will access the cloud server where our help files will live. Our developers have been looking at using link redirects that include a cookie or token, certificate-based authentication, or encrypted URL query string values that include our own key. We were looking to see how others were handling it and if anyone had any recommendations!

Adobe Community Professional ,
Mar 14, 2017

Unless I have misunderstood, only someone who has previously accessed the help will be able to access it again as I believe the cache is per user. On the basis they were authenticated once, is there an issue here?

www.grainge.org for free RoboHelp & Authoring info. Use the blue Reply button at the top to help me help you.
The black Reply link nests replies and they sort out of order.

Participant ,
Mar 14, 2017

Do you publish directly to the cloud server?

Community Beginner ,
Mar 14, 2017

No issue. Just looking for insights or guidance based on our plan.

The current plan is to publish the help to an IIS cloud server bringing up static RoboHelp pages. We'll provide authentication tokens that will be submitted along with any help page request. Those in turn will provide users with a cookie (if the token validates). If the user browses to a bookmarked page and the session associated with the cookie has expired, we will redirect them back to one of the two web applications so they can log back in. Once logged back in, they'll be redirected back to the original help page they requested.

Our devs are curious if this is similar to the process being described by amandana, the original poster? We were also looking for additional details they could provide that might give us insights into how to make this a secure and robust approach.

Thanks!

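The token-then-cookie flow planned in the post above, combined with the no-caching advice given earlier in the thread, as an added example (not code from any poster or from RoboHelp). The signing key, routes, cookie name and token format are assumptions chosen for illustration; the constant `SECRET` and the functions `sign`, `verify` and `handle` are hypothetical names.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

SECRET = b"constructed-demo-key"  # assumption: key shared by the app and the help gateway
LOGIN_URL = "/app/login"          # hypothetical login route of the web application
SESSION_TTL = 900                 # assumed session lifetime in seconds
# Sent on every response so the browser keeps no copy to show after the session ends.
NO_STORE = {"Cache-Control": "no-store"}


def sign(user, expires):
    """Issue 'user|expires|mac'; the same format serves as launch token and cookie."""
    msg = f"{user}|{expires}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{mac}"


def verify(value, now):
    """Return the user name if the value is authentic and unexpired, else None."""
    try:
        user, expires, mac = (value or "").split("|")
        expected = sign(user, int(expires)).rsplit("|", 1)[1]
    except ValueError:  # wrong field count or non-numeric expiry
        return None
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if ok and int(expires) > now else None


def handle(path, token=None, cookie=None, now=None):
    """Decide the response for one help-page request: (status, headers)."""
    now = time.time() if now is None else now
    session_user = verify(cookie, now)
    user = session_user or verify(token, now)
    if user is None:
        # Only a same-site absolute path may become the post-login return target.
        safe = path.startswith("/") and not path.startswith("//") and "\\" not in path
        target = quote(path if safe else "/help/index.htm", safe="/")
        return 302, {**NO_STORE, "Location": f"{LOGIN_URL}?return={target}"}
    headers = dict(NO_STORE)
    if session_user is None:  # a launch token just validated: start a session
        fresh = sign(user, int(now) + SESSION_TTL)
        headers["Set-Cookie"] = f"help_session={fresh}; Secure; HttpOnly; SameSite=Lax; Path=/help"
    return 200, headers
```

Because the check runs on every request and every response carries `no-store`, a bookmarked or history URL reaches the server again instead of being answered from the browser's copy.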
New Here ,
Apr 04, 2018

I have a question related to Amandana's post (see subject). Can you tell me how this change was made, "when a user accesses online help, it checks to see if the user has an active login session to our platform."

Is there a setting in RoboHelp that does this or did Developers have to create code?

"Our Robohelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help."

Adobe Community Professional ,
Apr 04, 2018

Definitely something their developers did - RH doesn't control any of that (unless you use the RH Server product to host your help on).

New Here ,
Apr 04, 2018

That’s what I thought. I wonder if any authoring tool supports this, are you aware?

Thanks for the quick response.

New Here ,
Apr 04, 2018

I did see where you mentioned the RH Server product. I will look into that as well.

New Here ,
Apr 04, 2018

Hi Amanda, when you wrote this post was your company using RoboHelp Server?

New Here ,
Apr 05, 2018

No, we were not using the RoboHelp server.

New Here ,
Apr 05, 2018

Is there a setting in RoboHelp that does this (below) or did Developers have to create code?

"Our RoboHelp HTML online help output currently lives on our proprietary software platform. In order to protect confidential information that might be present within the topics published, we recently made a change so that when a user accesses online help, it checks to see if the user has an active login session to our platform. If they do, they are redirected to online help in a separate window. If they don’t, they are first directed to a platform login page, and then redirected to online help if the login is successful. This prevents users from copying the URL of online help, saving it to favorites, and then sending it to a user who is not registered in our platform who can just paste the URL into a new browser session to view online help."

amandana
New Here ,
Apr 12, 2018

So I am not a developer and we had RoboHelp in place well before I ever started working for the company, so I'm not 100% sure on the specifics of how we set this up, but given that we deploy the online help files to an internal server file location which then pulls the index file from that folder into our platform, I would assume our developers coded it to do that.
