Browser’s Back button issue

Again, back button problem. I created a jsp page which is not supposed to be backed into from other pages. The following solutions have come to my mind.

Flush, expire form

I started from expire form by adding those famous flush code:

<%@ page autoFlush=”true” %>
<%
response.setDateHeader(“Expires”, 0);
response.setHeader(“Cache-Control”, “no-cache”);
//for old browser that use Pragma instead of Cache-Control”
response.setHeader(“Pragma”, “no-cache”);
%>

It works, kind of. IE shows a standard “page has expired” page, FF pop-up a confirmation window saying Do you want to re-submit? That’s not want I want.

Referer, where-are-you-from url

Then I tried to catch the where-are-you-from url which can be read from server side:

request.getHeader(“Referer”)

or client side:

document.referrer

Unfortunately, when clicking back button, the content of my page has already be cached, both referer keep the old url, not the one I back from.

Same problem happened when trying to use request.setAttribute. The page won’t be re-run or server side when being backed in.

History.previous, obsolete already

Lots of solutions regarding to add history.go(1) or history. forward. But I need history.back, only execute when being back in.

There used to be a history.previous, or histroy[-1].url, for security reason, all the modern browsers have disable this property. Damn!

Onunload? redirect in backing page.

Somebody got this idea to catch window.onunload() event. or, onbeforunload().

Quirksmode has a very good example about this. This almost reach me goal. Works great in IE, not FF. Even in IE, the onunload event also interfere user leaving my site.

Cookie, old fashon, but it works

Then I came to cookie, in no-back-in page, put these code

if (getCookie(“loginsubmitted”) == 1) {
location.replace(“login.jsp”);
//login.jsp needs to do this: setCookie(“loginsubmitted”, 0);
}else{
document.formLogin.submit();
setCookie(“loginsubmitted”, 1);
}

Only one problem, if users disable cookie in their browser the loginfailed page won’t back here then back to itself. Fortunately, that’s very rare, they can’t login normally by doing that.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s