aspose file tools*
The moose likes Servlets and the fly likes How to disable back button of browser after session invalidation? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to disable back button of browser after session invalidation?" Watch "How to disable back button of browser after session invalidation?" New topic
Author

How to disable back button of browser after session invalidation?

Meenal Srivastva
Greenhorn

Joined: Jan 21, 2007
Posts: 19
Any pointers?


Thanks,
Meenal
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

The browser's back button can not be disabled by a web application.

We (web developers) have no business messing with our user's browser settings.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Meenal Srivastva
Greenhorn

Joined: Jan 21, 2007
Posts: 19
What i mean is .... after i have invalidated my session(this happens after the user clicks on a link to a jsp "LogOff") ..i donot want the user to go back into the application by just clicking on the back button of the browser.

How do i achieve that?

Right now ...i use the following script on the page preceding the last one (in html ):

<script ...>
javascript:window.history.forward(1);
</script>

Is this the right approach? Is there any other(better) way of achieving the same result?
Lave Kulshreshtha
Ranch Hand

Joined: Oct 21, 2007
Posts: 106
Hi Meenal,
I think right appraoch would be to open the browser window in full screen mode (I mean with out browser buttons), so user would not be able to click back button after log off.

Hope It helps.

Thanks,
Lave
Originally posted by Meenal Srivastva:
What i mean is .... after i have invalidated my session(this happens after the user clicks on a link to a jsp "LogOff") ..i donot want the user to go back into the application by just clicking on the back button of the browser.

How do i achieve that?

Right now ...i use the following script on the page preceding the last one (in html ):

<script ...>
javascript:window.history.forward(1);
</script>

Is this the right approach? Is there any other(better) way of achieving the same result?

[ January 16, 2008: Message edited by: Lave Kulshreshtha ]

SCJP 1.4, SCWCD 1.4, SCBCD 1.3, ITIL V3 Foundation Certification
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Lave Kulshreshtha:
Hi Meenal,
I think right appraoch would be to open the browser window in full screen mode (I mean with out browser buttons), so user would not be able to click back button after log off.

Hope It helps.

Thanks,
Lave


I disagree.
Even without the back button, there are key combinations and mouse gestures that can be used to activate the browser's 'back' feature.
The application should be written in such a way that it can handle back button clicks gracefully.

Look at:
http://faq.javaranch.com/java/NoCacheHeaders
and
http://faq.javaranch.com/java/PostRedirectGet


The Post-Redirect-Get pattern insures that no screen is built as a result of a post request.

If you don't cache your pages and the user can't re-post the login screen from the back button, they won't be able to back into your application after logging out.
 
 
subject: How to disable back button of browser after session invalidation?