[OCP 17 book] | [OCP 11 book] | [OCA 8 book] [OCP 8 book] [Practice tests book] [Blog] [JavaRanch FAQ] [How To Ask Questions] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
udaya prasad vakalapudi wrote:Dear All,
I got one task from my manager regarding the browser Back button and Refresh button. He asks that the web application has to work like a bank's site... meaning if I refresh or click on the browser's Back button, then it has to throw the user out of the session. I checked a lot on the internet, but I only found things like disabling the Back button or disabling the F5 key, and he's not accepting that.
Can anyone please suggest how to approach this? Can we throw the user out of the session when he clicks on the browser Back button or Refresh button?
I think it's possible, but I don't know how to implement it.
Please help me with this.
Thanks & Regards,
Udaya Prasad
udaya prasad vakalapudi wrote:
In all Indian bank sites they are following the same scenario. I don't know exactly... but it is only for security reasons that they are doing it like that. My manager is telling me it is good to implement, to provide more security to our site.
udaya prasad vakalapudi wrote:Hi Jeanne Boyarsky,
Using token validation, how can we approach this? I mean, is there anything to identify the browser Refresh button event?
Can you please explain more?
He asks me the web application has to work like Banks site... means if I refresh or click on Back button(Browser's) then it has to throw the user out of session, I checked lot in internet. But I found like only disabling back button of disabling F5 keys like that. But he’s not accepting that.
Jeanne Boyarsky wrote:
udaya prasad vakalapudi wrote:Hi Jeanne Boyarsky,
Using token validation, how can we approach this? I mean, is there anything to identify the browser Refresh button event?
Can you please explain more?
It isn't about identifying the refresh button specifically. It is about identifying any non-linear pattern. It could be a user typing in a URL directly, or the like.
Pattern for each request (probably in a filter):
- if it is not the first visit, check that the submitted token matches the current one
- generate a new random token
- edit the HTML page to add that token to every link/form (which is why I recommend a filter)
Incidentally, my US bank does allow use of the back and refresh buttons.
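The three-step pattern above, worked through as an added example (this is not code from the thread and not any bank's implementation). It is plain JDK so it runs without a servlet container: the `Session` class stands in for `HttpSession`, and `checkAndRotate` is what a `Filter.doFilter` would call before passing the request on. The attribute name `navToken`, the parameter name `navToken`, the page markup and the request sequence in `main` are all assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: a per-request synchronizer token that rejects any non-linear navigation. */
public class NavTokenDemo {

    private static final SecureRandom RNG = new SecureRandom();
    /** Session attribute and request parameter names are assumptions for this example. */
    static final String SESSION_ATTR = "navToken";
    static final String PARAM = "navToken";

    enum Outcome { FIRST_VISIT, OK, NON_LINEAR }

    /** Stand-in for HttpSession so the example runs outside a servlet container. */
    static final class Session {
        final Map<String, Object> attrs = new HashMap<>();
        boolean valid = true;
        void invalidate() { attrs.clear(); valid = false; }
    }

    /** 128 bits from SecureRandom; a predictable token would let a forged request pass the check. */
    static String newToken() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /**
     * Steps 1 and 2 of the pattern, run once per request before the servlet: compare the
     * submitted token with the one stored in the session, then rotate the stored token.
     * Any request that does not carry the current token (refresh, back, typed URL, a
     * second tab) ends the session, which is the "throw the user out" the question asks for.
     */
    static Outcome checkAndRotate(Session session, String submitted) {
        if (!session.valid) return Outcome.NON_LINEAR;
        String current = (String) session.attrs.get(SESSION_ATTR);
        Outcome outcome;
        if (current == null) {
            outcome = Outcome.FIRST_VISIT;
        } else if (submitted != null && MessageDigest.isEqual(   // constant-time compare
                current.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8))) {
            outcome = Outcome.OK;
        } else {
            session.invalidate();
            return Outcome.NON_LINEAR;
        }
        session.attrs.put(SESSION_ATTR, newToken());   // rotate: the old token is now dead
        return outcome;
    }

    private static final Pattern HREF =
        Pattern.compile("href=\"(/[^\"#?]*)(\\?[^\"#]*)?(#[^\"]*)?\"");

    /** Step 3: stamp the current token into every local link and every form of the response body. */
    static String embedToken(String html, String token) {
        Matcher m = HREF.matcher(html);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String query = m.group(2) == null ? "?" : m.group(2) + "&";
            String frag = m.group(3) == null ? "" : m.group(3);
            m.appendReplacement(sb, Matcher.quoteReplacement(
                "href=\"" + m.group(1) + query + PARAM + "=" + token + frag + "\""));
        }
        m.appendTail(sb);
        String hidden = "<input type=\"hidden\" name=\"" + PARAM + "\" value=\"" + token + "\">";
        return sb.toString().replace("</form>", hidden + "</form>");
    }

    public static void main(String[] args) {
        Session s = new Session();
        // First visit: no token in the session yet, so one is issued and rendered into page A.
        System.out.println("login      : " + checkAndRotate(s, null));
        String tokenOnPageA = (String) s.attrs.get(SESSION_ATTR);
        // Constructed sample markup; in a filter this would be the wrapped response body.
        System.out.println(embedToken(
            "<a href=\"/account\">Account</a><form action=\"/transfer\"></form>", tokenOnPageA));

        // Linear click from page A: the submitted token matches and a fresh one is issued for page B.
        System.out.println("click link : " + checkAndRotate(s, tokenOnPageA));
        String tokenOnPageB = (String) s.attrs.get(SESSION_ATTR);

        // F5 on page B replays the request that built it, i.e. page A's token: stale, session killed.
        // Back to page A and clicking again sends the same stale token with the same result.
        System.out.println("refresh    : " + checkAndRotate(s, tokenOnPageA) + ", valid=" + s.valid);

        // Even page B's own token is useless now: the session is gone, the user must log in again.
        System.out.println("after kick : " + checkAndRotate(s, tokenOnPageB));
    }
}
```

Two caveats a practitioner would want before shipping this. First, because every link carries the token in its query string, the token ends up in server logs, browser history and Referer headers; using it only in POST forms, or sending it as a header from script, avoids that. Second, the check rejects a second browser tab exactly as it rejects a refresh, since both submit a token the server has already rotated past; that is inherent in "any non-linear pattern" and has to be explained to users, which is one reason many sites (as the reply notes of a US bank) choose not to do this at all.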