[Javascript] Approved method of "bugging out"

David T. Lovering dlovering at gazos.com
Sun Aug 3 08:37:34 CDT 2003


  I am trying to harden a number of pre-existing pages by embedding a script in the onLoad handler (or maybe even earlier in the process tree) that will check the authentication info for the incoming user, and then unconditionally blow the window/browser back out if the authorization is not validated.  The first part is easy, and I've already got a handle on it.

  The second part appears to be more troublesome, particularly with IE browsers.  I've tried "self.window.close()" and a number of close analogs, and in every case it brings up a nice little window saying "the process wants to close the window, is this OK?"  Of course, a cracker will say "no", and continue happily raping the application.  I want the equivalent of dynamite for the fishpond, that will abort the browser altogether without any dialogue, thereby ensuring that no passive authentication threads remain active and that no history can lead back to the page(s) in question.

  Yes, I know how to nuke the history list.  However, I don't like to do this out-of-hand, since the user may have legitimate URLs stacked up in it which should be preserved.  Also, I can simply redirect the window.location.href to somewhere innocuous, but that still leaves the initial authentication thread active, and can be "backed" by the history list.  No, only unconditional dynamite will serve.

  Anybody have any ideas?  I need to get this script bundle out the door ASAP for a product demo at the end of this upcoming week.

-- Dave Lovering