We are using Mozilla Firefox 3.5.4 for Koha access for our patrons. After one patron is done and walks away, the next patron can use the "back" button to access the previous patron's records - if 6 patrons have used this workstation, all of their transactions can be seen by the last patron. Has the new release of Koha addressed this security issue? Does anyone have a "one-patron session" fix for this?

Thanks,
Rod Alberse
Information Technologies
Middletown Township Public Library (MTPL)

* Scott Kushner (skushner@mtpl.org) wrote:
> We are using Mozilla Firefox 3.5.4 for Koha access for our patrons. After one patron is done and walks away, the next patron can use the "back" button to access the previous patron's records - if 6 patrons have used this workstation, all of their transactions can be seen by the last patron. Has the new release of Koha addressed this security issue? Does anyone have a "one-patron session" fix for this?

What version of Koha are you using, and are your patrons logging out?

What a lot of libraries do is close the browser and reopen on logout. Another way is to disable the back button. But the safest way is to close the browser and reopen it on logout.

It's a function of the browser reposting the login details, rather than anything in Koha. Closing the browser is the safest way to clear out that information.

You can do all sorts of tricks with JS to try and rewrite history etc., or force a reload of the page (to trigger the login prompt), but simply disabling JavaScript gets round them. Telling people to close the browser (and having it set up to restart) is the safest option.

Chris
--
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand

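The "close the browser and have it set up to restart" approach from the reply above, sketched as a kiosk wrapper that gives every patron a throwaway Firefox profile. This is an added example, not part of the original thread or of Koha; it assumes a POSIX shell on the workstation, and `OPAC_URL`, `run_session` and `kiosk_loop` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): one disposable browser profile per
# patron session, so history, cookies and cached form posts never survive
# the browser being closed.
# Assumptions: POSIX sh with mktemp; OPAC_URL below is a placeholder.

BROWSER="${BROWSER:-firefox}"
OPAC_URL="${OPAC_URL:-http://opac.example.org/}"   # placeholder, set to your OPAC

# Run a single patron session.
# Creates an empty profile directory, runs the browser in the foreground,
# then deletes the profile as soon as the browser exits.
# Prints the profile path that was used; returns the browser's exit status.
run_session() {
    profile=$(mktemp -d "${TMPDIR:-/tmp}/opac-session.XXXXXX") || return 1
    status=0
    # -no-remote: do not attach to an already running instance
    # -profile:   keep all session state inside the throwaway directory
    "$BROWSER" -no-remote -profile "$profile" "$OPAC_URL" >/dev/null 2>&1 \
        || status=$?
    rm -rf -- "$profile"
    printf '%s\n' "$profile"
    return "$status"
}

# Relaunch a clean browser every time the previous one is closed.
# If the browser fails to start, back off instead of spinning.
kiosk_loop() {
    while :; do
        run_session >/dev/null || sleep 5
    done
}

# Only start the endless loop when asked to, e.g. from the desktop autostart.
if [ "${1:-}" = "--loop" ]; then
    kiosk_loop
fi
```

Because the profile is deleted outside the browser, this does not depend on JavaScript being enabled, which is the weakness of the in-page tricks mentioned in the reply.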
On 2010-11-5, at 7:18 AM, Scott Kushner wrote:
> We are using Mozilla Firefox 3.5.4 for Koha access for our patrons. After one patron is done and walks away, the next patron can use the “back” button to access the previous patron’s records—if 6 patrons have used this workstation, all of their transactions can be seen by the last patron. Has the new release of Koha addressed this security issue? Does anyone have a “one-patron session” fix for this?

I've done a JS fix for this issue for kapiti-library, and promised Liz.R I'd send in my patch about 2 months ago... :/

I'll try to sort my patch out over the weekend, and update the mailing-list.

cheers, Mason
--
www.kohaaloha.com

participants (3): Chris Cormack, Mason JAMES, Scott Kushner