wood burning stoves 2.0*
The moose likes Servlets and the fly likes Disabling browser back button using servlets. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Disabling browser back button using servlets." Watch "Disabling browser back button using servlets." New topic
Author

Disabling browser back button using servlets.

Afroz Khan
Ranch Hand

Joined: Aug 07, 2000
Posts: 105
Hi,
I am working on a project that includes online examination and i am using Servlets.. and sessions. How do i prevent the user from using back button of the browser or is there any way of disabling the browser back button using servlets.
It's very urgent requirement... Can i any one reply to it immediately... my e-mail id is afroz_kh@hotmail.com...
Thanks...
Bye...

------------------
Afroz


Afroz
Angela Poynton
Ranch Hand

Joined: Mar 02, 2000
Posts: 3143
To my knowledge there is no way of achieving this since the back button is part of the browser's functionality and can't really be manipulated by code running within it. One possibility which might restrict use to some degree though is to use javascript to open your application in a window that does not display the buttons. However the user would still be able to right click and chose "back".
I would be very happy if someone were to say there IS a way to disable the button, since I think it would be very useful, but I have tried it before, and I think the question has been asked here before and nobody came up with an answer!


Pounding at a thick stone wall won't move it, sometimes, you need to step back to see the way around.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12806
    
    5
I don't think you can disable the browser back - I would love to be able to.
I think there are some settings in the response that prevent the browser from caching the data and expire it as soon as the user leaves a page - that would make it impossible to back up. On my list of things to work out....
Bill
Tony Alicea
Desperado
Sheriff

Joined: Jan 30, 2000
Posts: 3222
    
    5
It's the HttpServletResponse.setHeader(String name, String value) method.
It sets a response header with the given name and value. If the header had already been set, the new value overwrites the previous one. The containsHeader method can be used to test for the presence of a header before setting its value.
Parameters:
name - the name of the header
value - the header value

This method is then used in combination with the response headers
Cache-Control:
Expires:

Tony Alicea
Senior Java Web Application Developer, SCPJ2, SCWCD
Afroz Khan
Ranch Hand

Joined: Aug 07, 2000
Posts: 105
Thanx all of u for giving me all the options. I might go for javascript or may be using the cache setting in servlets.
Once again Thanx a lot.
Afroz..
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Dear Tony
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Dear Tony,
I went through your answer, but I am unable to comprehend much about it . I would very much appreciate if you can give some more details.
Thanks in Advance!
Milan
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Hi,
I have tried res.setHeader("Cache-control","no-cache");
which is some having no effect, can someone guide me too on this issue.
Bye and thank you,
NetX
Sandip Chaudhuri
Greenhorn

Joined: Dec 27, 2004
Posts: 26
using javascript.

body. on load = history. foward()
Ronald Heukers
Ranch Hand

Joined: Jul 20, 2005
Posts: 69
Hi Afroz,

Your problem is a well known problem,

I'll share with you our project-experiences with it.

First of all, pressing the back-button is calling the browser history. It all takes places on the client, there is no server interaction and you can not do anything about it.

If you really want to have serverinteraction then, you will have to user AJAX technology called from Javascript in the onload from the body.

You can however do somethings regarding to caching in your sources.

We do the following in our sources by filtering:

web.xml

<filter>
<filter-name>ResponseFilter</filter-name>
<filter-class>minlnv.ifi.common.filters.ResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ResponseFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>

do filter in the responsefilter:

/**
* the actual filter logic is handled here
*
* @param request incoming context
* @param response outgoing context
* @param chain list of servlets/filters etc that need be called
*
* @throws IOException aany exception raised is transported to the user
* @throws ServletException any exception raised is transported to the user
*/
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException,
ServletException
{
HttpServletResponse httpServletResponse = (HttpServletResponse) response;

httpServletResponse
.setHeader("Cache-Control", "no-cache, post-check=0, pre-check=0");
httpServletResponse.setHeader("Pragma", "no-cache");
httpServletResponse.setHeader("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");

response = httpServletResponse;
chain.doFilter(request, response);
} // end of method


another option might be to use in your sources:

html-file:

<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

Hope this is of some help

regards,

Ronald
Paul Croarkin
Ranch Hand

Joined: Sep 30, 2004
Posts: 106
A Servlet cannot control the browser. AJAX / Javascript is of limited use also because it can be turned off. As pointed out above, you can play with the cache.

I think that it is not so much that you want to prevent the user from seeing the previous page, but that you really want to prevent them from re-posting an answer. This can be prevented by using nonces. A nonce is a unique id that you generate when you display your page. Typically it is put into a hidden form field. When the form is posted, you check to make sure that the nonce matches what was sent. You then invalidate that nonce so that if the form is posted again, you can reject the re-submission.


Thanks,<br /> <br />Paul Croarkin<br />SCEA 5, SCWCD, SCJP
Jaime M. Tovar
Ranch Hand

Joined: Mar 28, 2005
Posts: 133
There is a j2ee pattern which deals with this stuff, the name is session token or something like that, sorry I cant remember the exact name, but you surely can find it if you look in the core j2ee patterns book, it is located in the extra stuff, not really a core pattern but a best practice as far as i remeber, the pattern just works fine i have used it in the past. Excellent book.


She will remember your heart when men are fairy tales in books written by rabbits.<br /> As long as there is duct tape... there is also hope.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Disabling browser back button using servlets.