I was hoping for some advice. I am building a java spring web application. A feature exists in the application whereby a user can create a booking. Once they do so, they are brought to the booking confirmation page. My question is, how should a web app behave when the user clicks 'back' at this point?
So currently, they just see a browser (Chrome) warning . I am wondering, how should I handle this? Should I intercept the back call and bring them to a 403 (or some such generic) page? Should I disable the user from clicking 'back' in the browser. I know that neither of these options are good ideas, but I am not sure what other options I have. I would love to hear how you guys handle similar situations.
I have spent the past week implementing PRG and mine eyes have been opened. It is exactly what I needed.
However, I am still seeing one issue. My application uses Spring Security. I have a method to handle GET requests to '/login' (the login page) and this is fine. Any POST requests to '/login' are obviously handled by Spring as I did create a method to capture POST requests to '/login' but my break points were never hit. Therefore I cannot explicitly enforce the PRG 'Design Pattern' here as Spring is handling POST calls to the 'login' url.
The issue I am seeing is, when a user logs out, they are redirected to /login. If the user then refreshes the 'login' page, and subsequently attempts to enter his/her details, they see a 404. I had suspicious around what was causing this but so far, my investigations have not proved fruitful. Below is my Spring Security config:
I would appreciate any clues toward what you think the issue may be.