wood burning stoves 2.0*
The moose likes HTML, CSS and JavaScript and the fly likes windows.history.back() with tokens Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "windows.history.back() with tokens" Watch "windows.history.back() with tokens" New topic
Author

windows.history.back() with tokens

abhishek kaul
Greenhorn

Joined: May 13, 2010
Posts: 8

Hi all,

I have a webapp in which i am sending a token every time to server to prevent CSRF, which works fine. In case there is no token present in request or an invalid token the server rejects the request. This works fine.

In some places i have a back button which where i am using windows.history.back() to go to previous page. Problem is it sends previous URL to the server with the previous token which is invalid. Hence server rejects it. Is there a way to set a new token in the windows.history.back() ?? or some other ideas to do this ??


Thanks a lot guys...
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
No, You have no control over the history.

Eric
Victoria Harris
Greenhorn

Joined: Aug 23, 2010
Posts: 6
May be you could set some cookie or temporary file with exact instructions. Actually I'm guessing. What kind of application you use, is it custom-made by you?



When you can't find an answer... http://dld.bz/sNs7
Do you know why FREE is an opportunity?.. http://bit.ly/aHpeat
abhishek kaul
Greenhorn

Joined: May 13, 2010
Posts: 8
Sorry for the really late response...

But yeah Eric is right... i can't control history...


I changed it to use same token for entire session. So that works fine now.

Thanks,
Abhishek
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: windows.history.back() with tokens
 
Similar Threads
Session in a website with html pages and servlets
Customized JAAS Module.
Upgrading from WAS 4.0 to 5.1
Web Service SOAP exception when security access denied.
Problem with Ctrl-N and opening a new window