Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to disable back button of browser after session invalidation?

 
Meenal Srivastva
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any pointers?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The browser's back button can not be disabled by a web application.

We (web developers) have no business messing with our user's browser settings.
 
Meenal Srivastva
Greenhorn
Posts: 19
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What i mean is .... after i have invalidated my session(this happens after the user clicks on a link to a jsp "LogOff") ..i donot want the user to go back into the application by just clicking on the back button of the browser.

How do i achieve that?

Right now ...i use the following script on the page preceding the last one (in html ):

<script ...>
javascript:window.history.forward(1);
</script>

Is this the right approach? Is there any other(better) way of achieving the same result?
 
Lave Kulshreshtha
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Meenal,
I think right appraoch would be to open the browser window in full screen mode (I mean with out browser buttons), so user would not be able to click back button after log off.

Hope It helps.

Thanks,
Lave
Originally posted by Meenal Srivastva:
What i mean is .... after i have invalidated my session(this happens after the user clicks on a link to a jsp "LogOff") ..i donot want the user to go back into the application by just clicking on the back button of the browser.

How do i achieve that?

Right now ...i use the following script on the page preceding the last one (in html ):

<script ...>
javascript:window.history.forward(1);
</script>

Is this the right approach? Is there any other(better) way of achieving the same result?

[ January 16, 2008: Message edited by: Lave Kulshreshtha ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Lave Kulshreshtha:
Hi Meenal,
I think right appraoch would be to open the browser window in full screen mode (I mean with out browser buttons), so user would not be able to click back button after log off.

Hope It helps.

Thanks,
Lave


I disagree.
Even without the back button, there are key combinations and mouse gestures that can be used to activate the browser's 'back' feature.
The application should be written in such a way that it can handle back button clicks gracefully.

Look at:
http://faq.javaranch.com/java/NoCacheHeaders
and
http://faq.javaranch.com/java/PostRedirectGet


The Post-Redirect-Get pattern insures that no screen is built as a result of a post request.

If you don't cache your pages and the user can't re-post the login screen from the back button, they won't be able to back into your application after logging out.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic