my dog learned polymorphism*
The moose likes Servlets and the fly likes web page sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "web page sessions" Watch "web page sessions" New topic
Author

web page sessions

nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
hi all,
i came across a web site which offered online payment option e.g credit cards etc and after making the payment i was surprised to see i could click on the "back" button and get back to the web page where i entered all my credit card details !!!
my fellow friends argued that the transaction went over https so it was secure but my problem is that i think the session should be expired after the payment has been made so no-one can go back and view the details entered ?? please throw some light on this if you can.


thanks in advance.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60765
    
  65

When the back button was clicked, the browser most likely pulled the page out of its cache. If so, the web app in question isn't properly setting headers to prevent this.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
would you be able to give me an example where headers are set properly to avoid this ??

thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60765
    
  65

Look in the "How To" section of the JSP FAQ.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: web page sessions
 
Similar Threads
Joining cattle drive - Payment!
Question about Part 2 assignment.
Paying issue
show a website's response on my web page
Payment Gateway - dual verification check