• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Sessions in Servlets

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

My lib project is almost completed.....Implemented it in servlets.......thanks for the advice
Now I need to use sessions......
because after log out ....if they press browser back button it is still taking them to their profile.........which is completely wrong
I used the jsp code
<script language="JavaScript">
javascript:window.history.forward(1);
</script>
to prevent browser back button from going back to log on page after logging in........
but as I told you before, after log out it is still going back to their profile.........
How should I use Http Session.......?
 
Ranch Hand
Posts: 47
MySQL Database PHP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Try setting your profile page cache headers to an old date so when they try to go back, the page will have expired.
 
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you invalidating the session correctly upon logout? If so, are you correctly checking for valid sessions within your app throughout navigation in your JSPs?

I believe if both answers are "yes", then you will need to rely on javascript or browser settings.. the user will not be able to do anything because you click on something after hitting the back button on the browser, the server will throw an error and send the user to a designated page (Usually main login screen)
 
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This has nothing to do with sessions, but with caching.
 
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Rahul,

You can also add javascript:history.forward() in your logout page which will prevent the IE back button working.


-Sujata
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Which is a trick no self-respecting web developer would use, and which is easily defeated, thereby offering no added security.
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adding tricks on top of securities is . If someone reads carefully i wrote "you can also add........"

-Sujata
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No. Using easily defeated tricks and pretending that they add security is just self-deception.
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ha ha...no one would pretend history.forward() adds security in the application!!

-Sujata
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Then what is your point?
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
who had posted this query should have read the other two replies..

-> invalidating cache
-> invalidating session in logout

so i meant in addition to this you can also add......history.foreward()

hope its clear now

-Sujata
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If it adds no extra security, I fail to see why anyone would add this. But to each...
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As you wrote/i agreed it does not add any security its just a trick to make the user hard to navigate back.

-Sujata
 
Sheriff
Posts: 28330
97
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just a feature which annoys the user but has no practical purpose, then?
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From my experience, there was a scenario

-> where the user submits a page lets say from SubmittingPage and click back button and can again submit but we wanted to avoid re-submit
-> we cant invalidate/expire the cache as SubmittingPage can be accesed from another page and should populate the previously keyed in values.

there might be some other ways to implement(may be using onr-time token) but we found implemneting history.forward is more convinient at that point of time.

in this case how can i say there is no practical purpose??

-Sujata.
 
Paul Clapham
Sheriff
Posts: 28330
97
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sure, I suppose there might be a few cases where it's necessary to prevent the user from going back (even though it's not actually possible to do that). But the vast majority of the time when people want to do that, it's because they haven't figured out the right way to prevent the actual problem. I'm in favour of fixing the actual problem rather than installing a cheap hack which doesn't work reliably.
 
Ranch Hand
Posts: 384
Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i agree with bear ...

you should check on the caching part though ...

and make sure you have invalidated the session upon logout ...

if so, and the user clicks the browser back button, then check for proper credentials before allowing the user to go back ... or otherwise just show an error page
 
Sujata Samal
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Paul - Could you please share your thought(s) how to resolve this kind of problem(other than one-time token).I will definitely rethink to implement your solution/a feasible solution !!


-Sujata.
 
Paddy spent all of his days in the O'Furniture back yard with this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic