This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes Servlets and the fly likes Disabling forward button in browser Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Disabling forward button in browser" Watch "Disabling forward button in browser" New topic

Disabling forward button in browser

Gopal Shah
Ranch Hand

Joined: May 17, 2003
Posts: 65

I am displaying a html page using servlet. I want to disable the forward button in the browser.

I think it is something to do with HTTP header. But didn't feel comfortable going thru ietf and understanding the protocol.

Thanks & Regards,
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63534

There is nothing you can set in the header to disable the browser buttons.

[Asking smart questions] [About Bear] [Books by Bear]
Gopal Shah
Ranch Hand

Joined: May 17, 2003
Posts: 65
Will invalidating the session work ?
Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 32815

You can't disable the browsers forward button. You can stop further requests from being processed on the server side. That can be done through session invalidation or tokens.

If you are taking this approach make sure to set the http headers so the page can't be cached. Otherwise, someone could use the forward button and see a cached page.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13024
You can have JavaScript (on the browser side) open a new browser window that does not have back and forward buttons, and fill it from your servlet. There is no way to do this with HTTP headers, it has to be code on the client side.

You see this all the time on commercial sites.

I agree. Here's the link:
subject: Disabling forward button in browser
It's not a secret anymore!