Disable back button

Hi ranchers

I am currently making a web based application in jsp.I have a login page which asks for username and password.After the authentication it goes to the application stuff,there i click the logout button it comes back to the login page.Now when i click the back button of the browser it goes back to the previous page.I dont want this to happen.I was using window.history.forward(1); to disable the back button.Is there any other better way so as to prevent the login page to go back to application page?Any help would be appreciated.

Thanks
Umadas

Why dont you diable browser side page caching using the pragma and cache control headers ? That way the browsers will not display the page and will instead display a warning message

Cant we do it using session or some kind of timer in the jsp page?

Hi,

Use the following script code in the page you want to restrict the user to come back.

<script language="JavaScript" type="text/javascript">
window.history.forward(1);
</script>
[ May 19, 2008: Message edited by: Prabhakaran Manoharan ]

Prabhakaran,

Please take a moment to read the original poster's question before responding. Ajay has stated that he already using this code and is looking for alternatives to it.

You can't disable a browser's back button, nor should you try.

Instead look at two entries in our JSP FAQ.
One explains the post-redirect-get pattern which insures that no pages are rendered as a direct result of post request.

The other explains how to use no-cache headers to request that the browser not keep copies of pages on the disk.

-Ben

Hi Ajay,

I too have come across the same situation. But in my scenario, I have set the userid, password, etc., in session and while logging off, I had invalidated the session. After you logoff, click on the back button, you don't get the necessary info in the jsp page, resulted in an exception (I made the code accordingly), then redirected to the homepage.

Regards,
Kiran.

Originally posted by K Kiran Kumar:
Hi Ajay,

I too have come across the same situation. But in my scenario, I have set the userid, password, etc., in session and while logging off, I had invalidated the session. After you logoff, click on the back button, you don't get the necessary info in the jsp page, resulted in an exception (I made the code accordingly), then redirected to the homepage.

Regards,
Kiran.

With the scenario in question the browser actually caches the page (at least that is what it looks like) and displays it to the user. It does not go back to the server and get a page in response

Hi,
I agree with Kiran Kumar. When user logoff, user's session should be killed, in this case when user'll click on back button, session not found error will come.

The second of two options what Ben suggested is the simple one and easy way to get rid of this.

Try include the following code snippet in your Jsp page.

It works perfectly!

Exactly raghavan..setting response headers like that will serve the purpose

This will not work in Firefox!!
Also it's not a very usable behavior that you will get an "Page expired" Error Message.

There must be a better solution?

chris

"chriswelz",
Please check your private messages about an important administrative matter.

Originally posted by chriswelz:
This will not work in Firefox!!
Also it's not a very usable behavior that you will get an "Page expired" Error Message.

There must be a better solution?

chris

I disagree - I would say 80% of the pages I have use no-cache headers. I use Firefox as my main test-bed and never have seen a problem. A page past its cache-life will be re-requested from the server.

On the otherhand, if you are using the no-cache headers WITHOUT implementing the Post-Redirect-Get pattern Ben mentions, you could get this warning when the user tries to go back to the page the form submits to. When you implement the Post-Redirect-Get pattern then you never get to that page, because the redirect-get replaces the Post request in the browser.

So if you are getting the error it is probably because you have not done both things Ben had suggested.

Disabling the browser's back button is evil.

Your users expect it to work.

That you can hack things to work most of the time on most of the browsers does not make it a good thing to do.

What you want is to have a great, intuitave user experience.

Fix your code to work properly with back and forward as Marc Andreesen intended.

Indeed! Disabling the back button is a crutch to get around coding your web application properly. Fix the web app, don't try to break the browser.

Please read this for more information.
[ October 17, 2008: Message edited by: Bear Bibeault ]

Raghavan Muthu wrote:The second of two options what Ben suggested is the simple one and easy way to get rid of this.

Try include the following code snippet in your Jsp page.

<% response.setHeader("Pragma","no-cache"); response.setHeader("Cache-Control","no-store"); response.setHeader("Expires","0"); response.setDateHeader("Expires",-1); %>

It works perfectly!

Thanks works perfectly fine