• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Disabling browser back button using servlets.

 
Afroz Khan
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am working on a project that includes online examination and i am using Servlets.. and sessions. How do i prevent the user from using back button of the browser or is there any way of disabling the browser back button using servlets.
It's very urgent requirement... Can i any one reply to it immediately... my e-mail id is afroz_kh@hotmail.com...
Thanks...
Bye...

------------------
Afroz
 
Angela Poynton
Ranch Hand
Posts: 3143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To my knowledge there is no way of achieving this since the back button is part of the browser's functionality and can't really be manipulated by code running within it. One possibility which might restrict use to some degree though is to use javascript to open your application in a window that does not display the buttons. However the user would still be able to right click and chose "back".
I would be very happy if someone were to say there IS a way to disable the button, since I think it would be very useful, but I have tried it before, and I think the question has been asked here before and nobody came up with an answer!
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think you can disable the browser back - I would love to be able to.
I think there are some settings in the response that prevent the browser from caching the data and expire it as soon as the user leaves a page - that would make it impossible to back up. On my list of things to work out....
Bill
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's the HttpServletResponse.setHeader(String name, String value) method.
It sets a response header with the given name and value. If the header had already been set, the new value overwrites the previous one. The containsHeader method can be used to test for the presence of a header before setting its value.
Parameters:
name - the name of the header
value - the header value

This method is then used in combination with the response headers
Cache-Control:
Expires:
 
Afroz Khan
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanx all of u for giving me all the options. I might go for javascript or may be using the cache setting in servlets.
Once again Thanx a lot.
Afroz..
 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Tony
 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Tony,
I went through your answer, but I am unable to comprehend much about it . I would very much appreciate if you can give some more details.
Thanks in Advance!
Milan
 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have tried res.setHeader("Cache-control","no-cache");
which is some having no effect, can someone guide me too on this issue.
Bye and thank you,
NetX
 
Sandip Chaudhuri
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
using javascript.

body. on load = history. foward()
 
Ronald Heukers
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Afroz,

Your problem is a well known problem,

I'll share with you our project-experiences with it.

First of all, pressing the back-button is calling the browser history. It all takes places on the client, there is no server interaction and you can not do anything about it.

If you really want to have serverinteraction then, you will have to user AJAX technology called from Javascript in the onload from the body.

You can however do somethings regarding to caching in your sources.

We do the following in our sources by filtering:

web.xml

<filter>
<filter-name>ResponseFilter</filter-name>
<filter-class>minlnv.ifi.common.filters.ResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ResponseFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>

do filter in the responsefilter:

/**
* the actual filter logic is handled here
*
* @param request incoming context
* @param response outgoing context
* @param chain list of servlets/filters etc that need be called
*
* @throws IOException aany exception raised is transported to the user
* @throws ServletException any exception raised is transported to the user
*/
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException,
ServletException
{
HttpServletResponse httpServletResponse = (HttpServletResponse) response;

httpServletResponse
.setHeader("Cache-Control", "no-cache, post-check=0, pre-check=0");
httpServletResponse.setHeader("Pragma", "no-cache");
httpServletResponse.setHeader("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");

response = httpServletResponse;
chain.doFilter(request, response);
} // end of method


another option might be to use in your sources:

html-file:

<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

Hope this is of some help

regards,

Ronald
 
Paul Croarkin
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A Servlet cannot control the browser. AJAX / Javascript is of limited use also because it can be turned off. As pointed out above, you can play with the cache.

I think that it is not so much that you want to prevent the user from seeing the previous page, but that you really want to prevent them from re-posting an answer. This can be prevented by using nonces. A nonce is a unique id that you generate when you display your page. Typically it is put into a hidden form field. When the form is posted, you check to make sure that the nonce matches what was sent. You then invalidate that nonce so that if the form is posted again, you can reject the re-submission.
 
Jaime M. Tovar
Ranch Hand
Posts: 133
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is a j2ee pattern which deals with this stuff, the name is session token or something like that, sorry I cant remember the exact name, but you surely can find it if you look in the core j2ee patterns book, it is located in the extra stuff, not really a core pattern but a best practice as far as i remeber, the pattern just works fine i have used it in the past. Excellent book.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic