File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes how to restrict going on previous page in a web app Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "how to restrict going on previous page in a web app" Watch "how to restrict going on previous page in a web app" New topic
Author

how to restrict going on previous page in a web app

Bhavesh Kumar
Greenhorn

Joined: Aug 12, 2012
Posts: 18
Hi Geeks ! I'm developing an application using Servlet and JSP. I have a situation (Page) from where I have to restrict a user to go on previous web page and redirect on the same page. So how it is possible.. please give any suggetion ,,,, Just waiting
Amrit pandey
Greenhorn

Joined: Jun 28, 2010
Posts: 19
HI Bhavesh,
I would suggest you the following logic

1> In session keep three strings, currentPage, previousPage and nextPage where,

currentPage will represent the current view of the application.
Similarly,
previousPage:- Previous view of the application
nextPage:- request to navigate to the next page from the current Page.

2> In your situation I am assuming, based on user's priviledge/access or any other logic which guides the application to allows/dont allow the user to navigate to any particular page.

Let us suppose User object has a method hasAccess() which returns boolean value i.e. TRUE if user has access to perform a particular action and FALSE if user doesnot have the access.

3>Assuming you are having some action method which will be called when actor makes a request to navigate to any page ( say navigateNextPage())

Write following logic in your action method



In this way you can restrict user to navigate to the previous page. Let us know if this logic doesn't make any sense in your scenario.


Thanks,
Amrit Pandey


Thanks & Regards,
Amrit Pandey
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Hi Geeks ! I'm developing an application using Servlet and JSP. I have a situation (Page) from where I have to restrict a user to go on previous web page and redirect on the same page. So how it is possible.. please give any suggetion ,,,, Just waiting


If I am taking your post correctly, you are talking about the case when user logs out and clicks the back button on browser? If not correct me...
If this is the case, you can add the following line of code at the top of each JSP Page: -

response.setHeader("Cache-Control", "no-cache"); //Forces caches to obtain a new copy of the page from the origin server
response.setHeader("Cache-Control", "no-store"); //Directs caches not to store the page under any circumstance
response.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale"
response.setHeader("Pragma", "no-cache"); //HTTP 1.0 backward compatibility

Remember, these should be first lines of any JSP page...

Plus you can set a session variable, and check for it in every page.. If it is set, then probably user is still logged in, so you can redirect him to the previous page, or else you can redirect him to the home page...

The difference you get by adding the above 4 lines is that, when user clicks the back button after session is over... He will not actually be redirect to any page, as we are forcing him to obtain a new copy from the server, and in this case he can't.. So, he simply sits on that page as if the back button is disabled....

Rohit
Bhavesh Kumar
Greenhorn

Joined: Aug 12, 2012
Posts: 18
Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...


So, you are saying that a user should send a request for a particular page only once... And once he has accessed the page, he can't get into that page again in that user session???

If this is the case, for each page you can associate a request_no variable in that user session.. And as user access that page, set that request_no variable for that page to 1.
And when user clicks back button, a request will be sent to the server for an already accessed page, then you can check whether the request_no for that page is 1 or 0...
If it is 1, then he has already accessed that page, so you can redirect him to the current page or home page wherever you want........

And again you can use that 4 lines I gave you above to force user to fetch a page only from the server and not use the internal cache...

R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Actually in my case, user is logged in and performing some type of skill test. So after a particular page that is user is restricted to move backward anyway. I mean user can only click the NEXT button on page and continue so on...

This is the case .. now please Help...

Amrit is looking very close to my problem .. but can you suggest any better approach sir...


And yes,.. Just call me Rohit... Getting addressed as Sir, makes me feel I am getting Old... And if my parents gets to know this, they will force me out of my happy lyf, which is so good as a Bachelor....
And of course you understand what I am saying...
Bhavesh Kumar
Greenhorn

Joined: Aug 12, 2012
Posts: 18
Oh Sorry Yaar... Interesting personality ... really its true that calling "SIR" goes to a very mature & senior person... I'm also 23 yrs old...
Share your Facebook ... And please don't mind if it is too much..
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Oh Sorry Yaar... Interesting personality ... really its true that calling "SIR" goes to a very mature & senior person... I'm also 23 yrs old...
Share your Facebook ... And please don't mind if it is too much..


What if I say it's too much... Even then I don't mind... So you are safe...
And just to increase your G.K. which is generally very low in our age... I am younger than you... I am just 22... So be happy..

So, did I solve your problem... Not this one... The original one....

And this is my facebook: - http://www.facebook.com/rjain.rohit or search by rohitjain.pce2011@gmail.com
Bhavesh Kumar
Greenhorn

Joined: Aug 12, 2012
Posts: 18
Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can see this Post: -

http://www.coderanch.com/t/491725/JSP/java/prevent-user-browse-back-previous

And

http://www.coderanch.com/how-to/java/PostRedirectGet

I think it will be helpful....
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can also use following JavaScript code on each of your page, where you don't want your user to get back again : -
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

R. Jain wrote:
Bhavesh Kumar wrote:Oh Thanks Jain Saab.... Really helpful answer this was. Can you provide me some code example(Servlet, JSP) only if possible and you are comfortable ... Plzzz


You can see this Post: -

http://www.coderanch.com/t/491725/JSP/java/prevent-user-browse-back-previous

And

http://www.coderanch.com/how-to/java/PostRedirectGet

I think it will be helpful....



Suppose I have a Servlet: -



And SomePage.jsp: -



And OneMore.jsp: -




You can try running this code....

Amrit pandey
Greenhorn

Joined: Jun 28, 2010
Posts: 19
Hi Bhavesh,
Sorry I could not follow the post for last couple of days.. R.Jain has provided very valuable inputs, hope you were able to implement what you wanted!! Good luck..
jatan bhavsar
Ranch Hand

Joined: Jul 23, 2008
Posts: 296

hi,

What rohit has told is good but can you disable the browser back button and what if user go back with browser's back button and start operations again.

Regards
Jatan
Amrit pandey
Greenhorn

Joined: Jun 28, 2010
Posts: 19
Hi Bhavesh,
To answer your question on disabling the back button of the browser : "Yes!!! We can disable the browser back button, infact it is very common especially in Banking website where security is a major concern".

In the most simplest way. It can be achieved by using JavaScript function . The function causes every BACK request to return FORWARD.

========= Code sample=============
if(window.history)
{
window.history.forward(1);
}
================================

Again , you need to pay special attention on browser compatibility when you are using JavaScript and you are willing to run your application on multiple browser.

Hope this reply is inline to your question.
Thanks,
Amrit Pandey
<Please don't mind formatting of this reply.. I am posting it from my mobile.>
jatan bhavsar
Ranch Hand

Joined: Jul 23, 2008
Posts: 296

hi,

What if user right clicks and click on back button.. or press back from keyboard?

Regards
Jatan
Amrit pandey
Greenhorn

Joined: Jun 28, 2010
Posts: 19
Again, we will have to use JavaScript methods to disable / filter specific mouse events/ keyboard events based on the requirement ..

E.g
==============================
<script language="JavaScript">
Document.onmousedown=disableclick;
Status= "Right Click Disabled";

Function disableclick(e)
{
if(e.button==2)
{
Return false;
}
}
==============================

For more information , Please refer following URL :
Http://www.hypergurl.com/norightclick.html



Thanks ,
Amrit Pandey
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Amrit pandey wrote:Again, we will have to use JavaScript methods to disable / filter specific mouse events/ keyboard events based on the requirement ..

E.g
==============================
<script language="JavaScript">
Document.onmousedown=disableclick;
Status= "Right Click Disabled";

Function disableclick(e)
{
if(e.button==2)
{
Return false;
}
}
==============================

For more information , Please refer following URL :
Http://www.hypergurl.com/norightclick.html



Thanks ,
Amrit Pandey


While we can disable Browsers back button or key board back button, it not a good idea.. As user may not like that he is not allowed to click on backspace key of his keyboard ,
or the browers back button..
It would be better to handle session on your own through code... Let him to click whatever he wants, you just need to redirect him to appropriate page you need him to be in..
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

Disabling the back button is a horrible way to deal with a web application problem. It's like using duct tape to fix a cracked windshield.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30749
    
156

Banking applications done well are not disabling the back button using JavaScript. They are using one time tokens so you can only navigate in a specified order. When using the back button, the token doesn't match and you "get" to start over.

JavaScript is not security.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Yogesh Lonkar
Ranch Hand

Joined: Jul 17, 2012
Posts: 94

i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only


Learning some thing New Every Day
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Yogesh Lonkar wrote:i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only

If you read all of the comments above, you might have understood that you should not use Javascript for security purpose, as it is not secure.
Javascript code can easily be cracked at client side and you can't help it..
Better go by setting the no-cache headers in the jsp pages, and checking the session value, each time you visit a page..
Wendy Gibbons
Bartender

Joined: Oct 21, 2008
Posts: 1107

R. Jain wrote:
Yogesh Lonkar wrote:i followed all the suggested methods for stoping cache of page on web browser and in case of logout i redirect it to index.jsp page where is use this code

this way no mater how many times he clicks back bottom it will remain no that page only

If you read all of the comments above, you might have understood that you should not use Javascript for security purpose, as it is not secure.
Javascript code can easily be cracked at client side and you can't help it..
Better go by setting the no-cache headers in the jsp pages, and checking the session value, each time you visit a page..


And can't user just disable JavaScript in their browser?
R. Jain
Ranch Hand

Joined: Aug 11, 2012
Posts: 375
    
    1

Wendy Gibbons wrote:
And can't user just disable JavaScript in their browser?

Yes, and that will completely nullify what all hard work you have done to stop users from doing, what they will now be doing unknowingly..
Wendy Gibbons
Bartender

Joined: Oct 21, 2008
Posts: 1107

I was hunting for this link and i found it, about trying to disable buttons on the browser
It's Not Your Browser
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to restrict going on previous page in a web app