File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes urgent help : servlets !!!!! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "urgent help : servlets !!!!!" Watch "urgent help : servlets !!!!!" New topic

urgent help : servlets !!!!!

sumit vashishta

Joined: Jun 14, 2001
Posts: 15
hi all !
my problem is that I want my servlet code to function in such a way that the user cannot go to the previous/back page even if he clicks the backspace key or back button.
I have tried using the setStatus(301) but it gives 'page cannot be displayed' error message. would appreciate if someone can help me.
thanks in advance.
Jayakumar Gopalan

Joined: Jan 27, 2001
Posts: 20
Hi sumit vashishta!
Try this:
<script language='JavaScript'>window.history.forward(1);</script>");
out.println(" .......... </head><body> .......... </body></html>");
Hope this will help you.
Mohamed Yousuff
Ranch Hand

Joined: Jun 23, 2001
Posts: 73

I am quite sure that it is not possible to avoid that. The only option in such cases is to open a new window using javascript without any toolbar, address bar etc. In this case you also need to capture right click of mouse and disable it since it is possible to go to the previous screen by that. Nevertheless, this is applicable only for the dummies, I mean normal users. You cannot prevent that from the real techies.
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Especially since alt-back arrow will go to the previous page in some browsers and I tend to do this without thinking...
If you need to be that paranoid about achieving this at any aim, a solution we came up with is this:
When the user goes to the next page, send them a page that uses the javascript window.opem to open a new page that they are allowed to view and closes the existing one. This destroys the history since it goes away with the previous window and the new window no longer has a window.
I'm not recommending this, personally I hate it, but it does solve the problem.
sumit vashishta

Joined: Jun 14, 2001
Posts: 15
hi jayakumar and mohamed,
will try your suggestions
thanks to both of u.
sumit vashishta

Joined: Jun 14, 2001
Posts: 15
hi dave and others
is there any method/code in servlets or java wherein I can do the coding instead of javascript.
thanks dave
Jayakumar Gopalan

Joined: Jan 27, 2001
Posts: 20
Hi Sumit vashishta!
Whether it is servlets or JSP, ultimately HTML is going to be displayed in the browser. Once a page is displayed, by default browser will cache the page and its content. So, if the user click on the back button etc. to go to the previous page, browser will display the previous cached page without going contacting the server for the page content. So it is NOT possible (anyone correct me if I am wrong) to prevent the browser to show the previous page with the help of JAVA. So you have to rely on JavaScript only.
However, if you set the expiration of the page to zero, then browser will not cache the page and contacts the server to get the page content. So at this point of time, you can have some session objects to store the visited pages and prevent him to see the previous page.
Any comments ...
Dave Soto
Ranch Hand

Joined: Sep 15, 2001
Posts: 55
There's no true way to prevent a user from *viewing* an old page. He's already got that web page in his cache somewhere; one way or another he can view it. Here's what's probably your concern: You don't want him to do something out of order, or to do it twice... For instance, he's on an order form, he clicks submit, and while the results page is being processed, he clicks 'stop' or 'back' and submits it again in frustration. Now you've got two orders... am I close?
A great way to prevent this is to use a token. Here's how it's done:
While processing the request:
1) Randomly generate a token (integer).
2) Save the token to the user session.
3) Embed the token as a hidden parameter <input type=hidden ...> in the form (or forms) that you want to protect.
4) Send him the response.
While processing the following request:
5) Retrieve the token from the session.
6) Retrieve the token Parameter from the user request.
7) Compare the tokens.
8) If the tokens match, process the user's request
9) If the tokens don't match, then do not process the user's request, and instead tell the user to behave himself.
I agree. Here's the link:
subject: urgent help : servlets !!!!!
It's not a secret anymore!