Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to control Back&Forward buttons.  RSS feed

 
Nasir Mkhan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please anyone tell me how to control the "Back" and "Forward" buttons of browser through the jsp.I am asking in the context of sessions.i.e if someone click the back button and on loading the prevoius page, i want the forward button freeze.I will be grateful if someone help me in this case.
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately there's not much support for this. Since a "back" button is supposed to be able to take a user back out of your site and into whatever site they'd been previously visiting, it's considered rude to allow disabling that button.
There are a couple of things you can do to keep from getting clobbered too hard, though. Make sure that the sensitve pages aren't cached. If the page has a form, this will usually cause the browser to complain.
It's important to remember though that all a user (or hacker!) needs to do to cause grief is to manually type in a URL that jumps out of context. Your best defense is to never assume that you know what order pages were requested.
 
Nasir Mkhan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim! you said that make sure that the sensitve pages aren't cached. If the page has a form, this will usually cause the browser complain.How to do it i.e not to cache the page.But Tim, when we logout from any account the back button allow any one to see private pages if the brower is not closed.Is there any way to handle this problem.If we do these pages not cached then it will be the problem for the right user too if she want to see the previous pages that r not cached.
[This message has been edited by Abdul Nasir (edited July 25, 2001).]
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Aha! One of the oldest problems around. Not strictly a Java server problem, though, except for the obvious need to ensure that the user truly logged out and the session was destroyed.
There are at least 3 different ways to turn off client-side caching, depending on the version and manufacturer of the browser, including the meta tags Cache-Control, Pragma (no-cache) and the response.setHeader() functions (It also doesn't hurt to make the page expired). Ideally, there should be an appserver method to do all these things at one go, but if there is one, I missed it. I think that there are some JavaBeans that will help you, though - check out alphaworks.ibm.com, for instance.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!