• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to restrict going on previous page in a web app

 
Bhavesh Kumar
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Geeks ! I'm developing an application using Servlet and JSP. I have a situation (Page) from where I have to restrict a user to go on previous web page and redirect on the same page. So how it is possible.. please give any suggetion ,,,, Just waiting
 
Amrit pandey
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI Bhavesh,
I would suggest you the following logic

1> In session keep three strings, currentPage, previousPage and nextPage where,

currentPage will represent the current view of the application.
Similarly,
previousPage:- Previous view of the application
nextPage:- request to navigate to the next page from the current Page.

2> In your situation I am assuming, based on user's priviledge/access or any other logic which guides the application to allows/dont allow the user to navigate to any particular page.

Let us suppose User object has a method hasAccess() which returns boolean value i.e. TRUE if user has access to perform a particular action and FALSE if user doesnot have the access.

3>Assuming you are having some action method which will be called when actor makes a request to navigate to any page ( say navigateNextPage())

Write following logic in your action method



In this way you can restrict user to navigate to the previous page. Let us know if this logic doesn't make any sense in your scenario.


Thanks,
Amrit Pandey

 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Hi Geeks ! I'm developing an application using Servlet and JSP. I have a situation (Page) from where I have to restrict a user to go on previous web page and redirect on the same page. So how it is possible.. please give any suggetion ,,,, Just waiting


If I am taking your post correctly, you are talking about the case when user logs out and clicks the back button on browser? If not correct me...
If this is the case, you can add the following line of code at the top of each JSP Page: -

response.setHeader("Cache-Control", "no-cache"); //Forces caches to obtain a new copy of the page from the origin server
response.setHeader("Cache-Control", "no-store"); //Directs caches not to store the page under any circumstance
response.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale"
response.setHeader("Pragma", "no-cache"); //HTTP 1.0 backward compatibility

Remember, these should be first lines of any JSP page...

Plus you can set a session variable, and check for it in every page.. If it is set, then probably user is still logged in, so you can redirect him to the previous page, or else you can redirect him to the home page...

The difference you get by adding the above 4 lines is that, when user clicks the back button after session is over... He will not actually be redirect to any page, as we are forcing him to obtain a new copy from the server, and in this case he can't.. So, he simply sits on that page as if the back button is disabled....

Rohit
 
Bhavesh Kumar
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...


So, you are saying that a user should send a request for a particular page only once... And once he has accessed the page, he can't get into that page again in that user session???

If this is the case, for each page you can associate a request_no variable in that user session.. And as user access that page, set that request_no variable for that page to 1.
And when user clicks back button, a request will be sent to the server for an already accessed page, then you can check whether the request_no for that page is 1 or 0...
If it is 1, then he has already accessed that page, so you can redirect him to the current page or home page wherever you want........

And again you can use that 4 lines I gave you above to force user to fetch a page only from the server and not use the internal cache...

 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...


And yes,.. Just call me Rohit... Getting addressed as Sir, makes me feel I am getting Old... And if my parents gets to know this, they will force me out of my happy lyf, which is so good as a Bachelor....
And of course you understand what I am saying...
 
Bhavesh Kumar
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh Sorry Yaar... Interesting personality ... really its true that calling "SIR" goes to a very mature & senior person... I'm also 23 yrs old...
Share your Facebook ... And please don't mind if it is too much..
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Oh Sorry Yaar... Interesting personality ... really its true that calling "SIR" goes to a very mature & senior person... I'm also 23 yrs old...
Share your Facebook ... And please don't mind if it is too much..


What if I say it's too much... Even then I don't mind... So you are safe...
And just to increase your G.K. which is generally very low in our age... I am younger than you... I am just 22... So be happy..

So, did I solve your problem... Not this one... The original one....

And this is my facebook: - http://www.facebook.com/rjain.rohit or search by rohitjain.pce2011@gmail.com
 
Bhavesh Kumar
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can see this Post: -

http://www.coderanch.com/t/491725/JSP/java/prevent-user-browse-back-previous

And

http://www.coderanch.com/how-to/java/PostRedirectGet

I think it will be helpful....
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can also use following JavaScript code on each of your page, where you don't want your user to get back again : -
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
R. Jain wrote:
Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can see this Post: -

http://www.coderanch.com/t/491725/JSP/java/prevent-user-browse-back-previous

And

http://www.coderanch.com/how-to/java/PostRedirectGet

I think it will be helpful....



Suppose I have a Servlet: -



And SomePage.jsp: -



And OneMore.jsp: -




You can try running this code....

 
Amrit pandey
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bhavesh,
Sorry I could not follow the post for last couple of days.. R.Jain has provided very valuable inputs, hope you were able to implement what you wanted!! Good luck..
 
jatan bhavsar
Ranch Hand
Posts: 299
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

What rohit has told is good but can you disable the browser back button and what if user go back with browser's back button and start operations again.

Regards
Jatan
 
Amrit pandey
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bhavesh,
To answer your question on disabling the back button of the browser : "Yes!!! We can disable the browser back button, infact it is very common especially in Banking website where security is a major concern".

In the most simplest way. It can be achieved by using JavaScript function . The function causes every BACK request to return FORWARD.

========= Code sample=============
if(window.history)
{
window.history.forward(1);
}
================================

Again , you need to pay special attention on browser compatibility when you are using JavaScript and you are willing to run your application on multiple browser.

Hope this reply is inline to your question.
Thanks,
Amrit Pandey
<Please don't mind formatting of this reply.. I am posting it from my mobile.>
 
jatan bhavsar
Ranch Hand
Posts: 299
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

What if user right clicks and click on back button.. or press back from keyboard?

Regards
Jatan
 
Amrit pandey
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Again, we will have to use JavaScript methods to disable / filter specific mouse events/ keyboard events based on the requirement ..

E.g
==============================
<script language="JavaScript">
Document.onmousedown=disableclick;
Status= "Right Click Disabled";

Function disableclick(e)
{
if(e.button==2)
{
Return false;
}
}
==============================

For more information , Please refer following URL :
Http://www.hypergurl.com/norightclick.html



Thanks ,
Amrit Pandey
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Amrit pandey wrote:Again, we will have to use JavaScript methods to disable / filter specific mouse events/ keyboard events based on the requirement ..

E.g
==============================
<script language="JavaScript">
Document.onmousedown=disableclick;
Status= "Right Click Disabled";

Function disableclick(e)
{
if(e.button==2)
{
Return false;
}
}
==============================

For more information , Please refer following URL :
Http://www.hypergurl.com/norightclick.html



Thanks ,
Amrit Pandey


While we can disable Browsers back button or key board back button, it not a good idea.. As user may not like that he is not allowed to click on backspace key of his keyboard ,
or the browers back button..
It would be better to handle session on your own through code... Let him to click whatever he wants, you just need to redirect him to appropriate page you need him to be in..
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64617
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Disabling the back button is a horrible way to deal with a web application problem. It's like using duct tape to fix a cracked windshield.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34071
331
Eclipse IDE Java VI Editor
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Banking applications done well are not disabling the back button using JavaScript. They are using one time tokens so you can only navigate in a specified order. When using the back button, the token doesn't match and you "get" to start over.

JavaScript is not security.
 
Yogesh Lonkar
Ranch Hand
Posts: 94
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yogesh Lonkar wrote:i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only

If you read all of the comments above, you might have understood that you should not use Javascript for security purpose, as it is not secure.
Javascript code can easily be cracked at client side and you can't help it..
Better go by setting the no-cache headers in the jsp pages, and checking the session value, each time you visit a page..
 
Wendy Gibbons
Bartender
Posts: 1110
Eclipse IDE Oracle VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
R. Jain wrote:
Yogesh Lonkar wrote:i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only

If you read all of the comments above, you might have understood that you should not use Javascript for security purpose, as it is not secure.
Javascript code can easily be cracked at client side and you can't help it..
Better go by setting the no-cache headers in the jsp pages, and checking the session value, each time you visit a page..


And can't user just disable JavaScript in their browser?
 
R. Jain
Ranch Hand
Posts: 375
1
Java Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wendy Gibbons wrote:
And can't user just disable JavaScript in their browser?

Yes, and that will completely nullify what all hard work you have done to stop users from doing, what they will now be doing unknowingly..
 
Wendy Gibbons
Bartender
Posts: 1110
Eclipse IDE Oracle VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was hunting for this link and i found it, about trying to disable buttons on the browser
It's Not Your Browser
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic