wood burning stoves 2.0*
The moose likes JSP and the fly likes Disable back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Disable back button" Watch "Disable back button" New topic
Author

Disable back button

Ajay Singh
Ranch Hand

Joined: Jan 04, 2008
Posts: 105
Hi ranchers

I am currently making a web based application in jsp.I have a login page which asks for username and password.After the authentication it goes to the application stuff,there i click the logout button it comes back to the login page.Now when i click the back button of the browser it goes back to the previous page.I dont want this to happen.I was using window.history.forward(1); to disable the back button.Is there any other better way so as to prevent the login page to go back to application page?Any help would be appreciated.

Thanks
Umadas
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

Why dont you diable browser side page caching using the pragma and cache control headers ? That way the browsers will not display the page and will instead display a warning message


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Ajay Singh
Ranch Hand

Joined: Jan 04, 2008
Posts: 105
Cant we do it using session or some kind of timer in the jsp page?
Prabhakaran Manoharan
Greenhorn

Joined: May 19, 2008
Posts: 2
Hi,

Use the following script code in the page you want to restrict the user to come back.

<script language="JavaScript" type="text/javascript">
window.history.forward(1);
</script>
[ May 19, 2008: Message edited by: Prabhakaran Manoharan ]

Thanks,<br />Prabhakaran.M
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Prabhakaran,

Please take a moment to read the original poster's question before responding. Ajay has stated that he already using this code and is looking for alternatives to it.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You can't disable a browser's back button, nor should you try.

Instead look at two entries in our JSP FAQ.
One explains the post-redirect-get pattern which insures that no pages are rendered as a direct result of post request.

The other explains how to use no-cache headers to request that the browser not keep copies of pages on the disk.

-Ben
K Kiran Kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 109
Hi Ajay,

I too have come across the same situation. But in my scenario, I have set the userid, password, etc., in session and while logging off, I had invalidated the session. After you logoff, click on the back button, you don't get the necessary info in the jsp page, resulted in an exception (I made the code accordingly), then redirected to the homepage.

Regards,
Kiran.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

Originally posted by K Kiran Kumar:
Hi Ajay,

I too have come across the same situation. But in my scenario, I have set the userid, password, etc., in session and while logging off, I had invalidated the session. After you logoff, click on the back button, you don't get the necessary info in the jsp page, resulted in an exception (I made the code accordingly), then redirected to the homepage.

Regards,
Kiran.


With the scenario in question the browser actually caches the page (at least that is what it looks like) and displays it to the user. It does not go back to the server and get a page in response
Usman Saeed
Ranch Hand

Joined: May 21, 2008
Posts: 31
Hi,
I agree with Kiran Kumar. When user logoff, user's session should be killed, in this case when user'll click on back button, session not found error will come.


Usman Saeed
Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3344

The second of two options what Ben suggested is the simple one and easy way to get rid of this.

Try include the following code snippet in your Jsp page.



It works perfectly!


Everything has got its own deadline including one's EGO!
[CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]
pavan mandala
Greenhorn

Joined: Jun 06, 2008
Posts: 5
Exactly raghavan..setting response headers like that will serve the purpose
chris welz
Greenhorn

Joined: Oct 17, 2008
Posts: 1
This will not work in Firefox!!
Also it's not a very usable behavior that you will get an "Page expired" Error Message.

There must be a better solution?

chris
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30076
    
149

"chriswelz",
Please check your private messages about an important administrative matter.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 4165
    
  21

Originally posted by chriswelz:
This will not work in Firefox!!
Also it's not a very usable behavior that you will get an "Page expired" Error Message.

There must be a better solution?

chris


I disagree - I would say 80% of the pages I have use no-cache headers. I use Firefox as my main test-bed and never have seen a problem. A page past its cache-life will be re-requested from the server.

On the otherhand, if you are using the no-cache headers WITHOUT implementing the Post-Redirect-Get pattern Ben mentions, you could get this warning when the user tries to go back to the page the form submits to. When you implement the Post-Redirect-Get pattern then you never get to that page, because the redirect-get replaces the Post request in the browser.

So if you are getting the error it is probably because you have not done both things Ben had suggested.


Steve
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Disabling the browser's back button is evil.

Your users expect it to work.

That you can hack things to work most of the time on most of the browsers does not make it a good thing to do.

What you want is to have a great, intuitave user experience.

Fix your code to work properly with back and forward as Marc Andreesen intended.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60766
    
  65

Indeed! Disabling the back button is a crutch to get around coding your web application properly. Fix the web app, don't try to break the browser.

Please read this for more information.
[ October 17, 2008: Message edited by: Bear Bibeault ]

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Yogesh Lonkar
Ranch Hand

Joined: Jul 17, 2012
Posts: 94

Raghavan Muthu wrote:The second of two options what Ben suggested is the simple one and easy way to get rid of this.

Try include the following code snippet in your Jsp page.



It works perfectly!


Thanks works perfectly fine


Learning some thing New Every Day
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Disable back button
 
Similar Threads
Disable Back button on Internet Explorer
Disable back button of browser using javascript
Problem with session
Login Problem
servlet