aspose file tools*
The moose likes JSP and the fly likes controlling browsers back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "controlling browsers back button" Watch "controlling browsers back button" New topic
Author

controlling browsers back button

jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
i have developed a website.in that when the user clicks logout button,i am showing a page saying that he has logged out.here if the user clicks browsers back button,instead of going back to previous page i want to redirect the user to login page.
how can i do this.
thanks in advance
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
i donno how to do that...
but u can disable caching in following manner.. you might be aware of this.. but still i am posting this piece of code to disable cache so that if you click back button the inforamtion of the last page could not be viewed..

also i think that thing what u r asking if can be done then i think most probably with help of JavaScript only and not JSP...
and lastly if that is possible i would also love to knnow..
Thanks
Amit


****************************<br />In 24 hrs Earth rotates once on its Axis.
Garry Jackson
Greenhorn

Joined: Aug 11, 2003
Posts: 8
When the user clicks the logout button, instead of going straight to the logout page, go to an intermediate page which performs an instantaneous META REFRESH to the real page you want.
If they then click BACK, it will simply flick and display the logout page; which could contain the LOGIN input details.
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai,
thanks for responding.i placed the code which u have given in my logout jsp page.but still the history is available and it is going to the previous page.pls help me
Dave Vick
Ranch Hand

Joined: May 10, 2001
Posts: 3244
mintu
The easiest way to do this would be to use sessions. I assume that if there is a log out that there is also a login page. When the user logs in set a session variable indicating that they have logged in. Then on each page of the application you can check that session variable and if it doesn't exist (they tried t go directly to the page, or the session timed out, or they logged out) then they get redirected to the login page. Then on your log out page all you need to do is invalidate the session.
Hope that helps


Dave
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai Dave,
thanks for responding.it really helped me
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
hiii dave..
i think by invalidating the session i don't think it will stop the user from hitting the back button and goign to previous page.. i admit her will not be able to acces that page by refreshing that page or clicking on some link...
but he will definetaly we able to view the information in those pages... so do we have any option like making cache off and also like the original post of disabling the browsers back button..
Thanks in Advace
Amit
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai Dave,
i used sessions variables as u said and invalidated the session variables in logout page.and used response.sendredirect("USDA_Homepage.jsp") if session is invalidte,but it didn't worked.even i used <jsp:forward page="USDA_Homepage.jsp" />.stille this also didn't worked.
pls help me how can i do.
thanks
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
hi mintu..
what is excatly that is happening.... 'cause u need to remember few things... like hsp page autmoatically creates a new session each time the page is visited..
to stop this either u need to write
<%@ page session="false" %>
(but in this case you will not get the access to session variable in your page)
or
u will have to check on each page like
<% session = request.getSession(false) %>
<% if (session == null) {
response.SendRedirect("/application/some.jsp");
}
%>
if you have done this then what is excatl;y that is happening.. let me know the excat flow..
Thanks
Amit
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai Amit,
lets say we have login.jsp,temp.jsp and logout.jsp(in that order)
in logout.jsp i used <%session.invalidate();> which invalidates the session variables used.in that page if we click browser's back button it goes to temp.jsp page.in temp.jsp page i am checking whether a particular session variable is valid or not.if not redirecting to login.jsp.
but though i nvalidated the session variables,it is not redirecting to login.jsp.
this is what i used in temp.jsp
<%if (session.getAttribute("PrimaryPhone")==null){%>
<%response.sendRedirect("login.jsp");%>
<%}%>
thanks
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
No mintu..
u got it wrong... actually when u hit back button of the browser.. the browser picks up the page from the cache and doesnot go to the server.. so it won't have any effect...
but after hitting back button u click on refresh button or click on any link then the request will go to browser and at that time the page will be checked and then redirected.. so, just by clicking on back button won't have any effect..
you need to disable the caching.. so, after disabling the caching.. when user hits the back button then a page will come saying "This page has expired!!" and then if he clicks on refresh then he will be redirected to Login.jsp
Any other queries please revert back..
Thanks
Amit
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
ya i got it,
but how to clear the cache?
i used the code which u have given.
but no use.if u have done anything of this sort
then pls send me .
btw my name is jyothsna
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
hi jyothsna..
u can put the following code between <head></head> tags of ur JSP pages to disable cache..

Let me know if it works or not??
Thanks
Amit
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai Amit,
i have placed the code as u told in login.jsp page.but when the user from logout.jsp clicks to go to login.jsp i am redirecting.but here from login.jsp if the user clicks browser's back button it is going back to logout.jsp page which i don't want.
from this it's implies that memory is not cleared though the code is placed.
i don't want the user to go to logout.jsp from login.jsp if the user clicks back button.
thanks
Amit KumarS
Ranch Hand

Joined: Oct 10, 2003
Posts: 100
hi jyothsna
lets clear a few things first...
suppose you are in logout.jsp and u click on a link which redirects the user to login.jsp but when user hits back button here in login .jsp then u don't want the user to show logout.jsp.. u want him to show login.jsp instead..

now few things...
it is not possible atleats for me to stop a user from going back... as i donno the code to disable the back button..
but what we can do instead is that
1. we can write this

in the <head></head> tag of logout.jsp..
this will not allow the browser to cache the page and when user clicks back button then he will get a message as
This Page has Expired
2. now to achieve the second part.. i.e. redirecting the user to login.jsp
now suppose we are in logout.jsp and clicked on link ot go to login.jsp and then hit the back button.. this will give the error page.
and now i say refresh .. here we can send the user to login.jsp
for this u will have to write the following code in logout.jsp

this code will force the user to go to login.jsp
i will be surprised to know if this doesn't work as it works for me..
if some error comes then let me know the excat error message and the excat flow.. then i might be avle to help in much better way..
Thanks
Amit
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
You really need to look at the server side approach in more detail. You need to cancel the page from the server and not client side, jsp has to have a no-cache thing. I know that .Net does because I use it on every page in my helpdesk system that I am developing. I am not a jsp expert so I can not say exactly what to do.
All I can say is: META TAGS DO NOT WORK!!!
IE skips them, I remember an article from msdn that said to add them after the closing body tag in case the complier skipped them in the head. Wanna talk about browser compliance! My rant for the day!
Depending on client side technology does not work esp. if the person turns javascript off. If you look at this thread: http://www.coderanch.com/t/113296/HTML-JavaScript/NOT-Cache
I have written stuff on the back button. People disable it with an easy statement, I have the code on my site, but these ways are not solutions, they are problems in the making. The artitecture behind your application needs to find the solution.
Yes I am in a cranky mood today.
Eric
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61756
    
  67

Understandable Eric, dealing with IE's "we don't have to conform to standards, we ARE the standard" attitude makes me cranky on an ongoing basis!
Thanks for adding the meta tag info to the discussion.
bear


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Malhar Barai
Author
Ranch Hand

Joined: Aug 17, 2001
Posts: 399
hi jyothsna...
Have you tries Gary's suggestion, that is one of the best, keeping an intermediate page between the logout click & the final logout display page. In this was, if the user clicks the back button, it'll go to the intermediate page, that has nothing to do, where you can chk for the session, or but some javascript that advances by one page if you click from logout page, or you can check for session, & if it is null, the request can be redirected to the login page.
hth
MB


Malhar Barai
SOA & Java Book
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
'but if the person has javascript disabled: 30% of users in the last survey I saw, they will not be effected by this.....
If this was in intranet page, i would not worry about javascript being off.
Eric
Maulin Vasavada
Ranch Hand

Joined: Nov 04, 2001
Posts: 1873
Hi all,
I know this issue and the problem here is browser puts the content page that we see after login in history. So, Back button will go to that page even after we say logout and cache disability directives don't work many times as observed.
My solution is,
"if we remove the content page url from the browser's history then it work". By this I mean, if we have three page,
login.jsp
page1.jsp
and logout.jsp
On page1.jsp if we have a logout button which leads us to logout page that invlidates the session then we want to remove "page1.jsp" from the browser's histroy.
Now, here is my code that I tested on my local machine's Tomcat and it works.

so, Mintu, you will have to put this kind of hyperlink for logout on your "temp.jsp" that you refer in some of the post as content page...

NOTE:
Here, I have spelt onKlick to avoid the posting error I was getting. Please correct it in your code.
Hope this is helpful.
Regards
Maulin
Maulin Vasavada
Ranch Hand

Joined: Nov 04, 2001
Posts: 1873
sorry guys,
please put following in case of "logout()" call I make in my code,

this HTML error message harased me and I messed up
Regards
Maulin
jyothsna kumari
Ranch Hand

Joined: Jul 21, 2003
Posts: 108
hai all,
my sincere thanks to all who have responded.i got the solution which had included help from many of u.as somebody said, meta tags do not work.so i tried for other option.
actually from page1.jsp i am using another intermediate page where i am using "window.location.href = "Logout.jsp";".By this in the logout page if user clicks back button it doesn't go to previous page and stays there.
and in logout page i am killing the session variables.This has served my purpose.
jyothsna
 
 
subject: controlling browsers back button