• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

How to correctly handle a browser 'back'

 
Ranch Hand
Posts: 175
Netbeans IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Folks,

I was hoping for some advice. I am building a java spring web application. A feature exists in the application whereby a user can create a booking. Once they do so, they are brought to the booking confirmation page. My question is, how should a web app behave when the user clicks 'back' at this point?

So currently, they just see a browser (Chrome) warning . I am wondering, how should I handle this? Should I intercept the back call and bring them to a 403 (or some such generic) page? Should I disable the user from clicking 'back' in the browser. I know that neither of these options are good ideas, but I am not sure what other options I have. I would love to hear how you guys handle similar situations.

Thanks again,

G
 
Marshal
Posts: 67418
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Glen Iris wrote:Should I intercept the back call and bring them to a 403 (or some such generic) page?


No.

Should I disable the user from clicking 'back' in the browser.


NO

I know that neither of these options are good ideas


Exactly. Any solution that tries to circumvent the browser is not only a bad idea, but ultimately will fail.

1) Implement proper cache control. (Search for examples.)

2) Be sure you are following the proper pattern such that POSTs are never "dangling" waiting to be activated by a refresh or back. See this article and pay particular attention to the "PRG pattern".
 
Glen Iris
Ranch Hand
Posts: 175
Netbeans IDE Chrome Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perfect answer. Sincere Thanks Bear. I knew there was a way but had no idea what it was.
 
Glen Iris
Ranch Hand
Posts: 175
Netbeans IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello again guys.

I have spent the past week implementing PRG and mine eyes have been opened. It is exactly what I needed.

However, I am still seeing one issue. My application uses Spring Security. I have a method to handle GET requests to '/login' (the login page) and this is fine. Any POST requests to '/login' are obviously handled by Spring as I did create a method to capture POST requests to '/login' but my break points were never hit. Therefore I cannot explicitly enforce the PRG 'Design Pattern' here as Spring is handling POST calls to the 'login' url.

The issue I am seeing is, when a user logs out, they are redirected to /login. If the user then refreshes the 'login' page, and subsequently attempts to enter his/her details, they see a 404. I had suspicious around what was causing this but so far, my investigations have not proved fruitful. Below is my Spring Security config:


I would appreciate any clues toward what you think the issue may be.

Many Thanks,

g
 
Glen Iris
Ranch Hand
Posts: 175
Netbeans IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anybody??
 
Normally trees don't drive trucks. Does this tiny ad have a license?
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic