This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am not sure how to go about with JSF, but I had been working on Spring MVC.
Let me explain in generic.
Following will be needed:
1. 2 tokens to identify the current page and the next page in the current JSP.
2. method abc () to be called in all the requests.
There will be two hidden variables, currentPage and nextPage in the page.
The currentPage will have a hardcoded value for each page.
When the request successfully moves from one page to another, a variable currentPage will be stored in the session with the destination page (nextPage).
This happens before the forward is returned by an action method.
Action Class Update:
All the methods of the action class will have to call the super class method abc() which will perform the following:
This will read the currentPage attribute from the request parameter and compare the same with the session variable.
In case, the variables are the same, proceed to perform the action, else redirect to the session invalid page.
Hope this will suffice your requirement.
Joined: Nov 02, 2009
Thank you very much for your suggestion, Rajiv. This is an interesting solution.
Could you please also explain, how can we perform a server interaction from the previous page when user presses browser's 'back' button? I think, browser will not submit details to server when user press back button. In this scenario, I am afraid, we cannot compare the page tokens in server, and redirect user to 'session expiry' page.
Joined: Jun 06, 2006
Hmm, in my application, I had encountered the page submission whenever I clicked the back button.
So maybe I did not feel that there could be a possibility of the browser not submitting any request.
I am not in a position to analyze how the browser decides whether to submit the page or not.
In this case, it is a browser specific event handling, which is not in the application's control.
Maybe I will have to do a little research on this.
Sorry, I could not be of any help to you at the moment.
Joined: Nov 02, 2009
No problem, Rajiv.
I am really thankful to you for spending your time for analysing my problem.