Sujata Samal

Have you tried setting the contectType in response object something like - response.setContentType("image/png") ??

-Sujata

Hi Abhishek,

Try * inplace of /* in <url-pattern>/*</url-pattern> tag to map all requests if you have only one application deployed.

-Sujata

A simplest way could be have a comon method lets say isSessionValid() and every action you perform call this method.

inside isSessionValid() verify if the session is invalid/expired then foreward to the login page with the current url as a request parameter for example - http://hostnam:port/context-path/login.do?url="currentURL".

in your login page once the user is authenticated,redirect to the currentURL.


-Sujata.

Paul - Could you please share your thought(s) how to resolve this kind of problem(other than one-time token).I will definitely rethink to implement your solution/a feasible solution !!


-Sujata.

From my experience, there was a scenario

-> where the user submits a page lets say from SubmittingPage and click back button and can again submit but we wanted to avoid re-submit
-> we cant invalidate/expire the cache as SubmittingPage can be accesed from another page and should populate the previously keyed in values.

there might be some other ways to implement(may be using onr-time token) but we found implemneting history.forward is more convinient at that point of time.

in this case how can i say there is no practical purpose??

-Sujata.

As you wrote/i agreed it does not add any security its just a trick to make the user hard to navigate back.

-Sujata

who had posted this query should have read the other two replies..

-> invalidating cache
-> invalidating session in logout

so i meant in addition to this you can also add......history.foreward()

hope its clear now

-Sujata

Ha ha...no one would pretend history.forward() adds security in the application!!

-Sujata

Adding tricks on top of securities is . If someone reads carefully i wrote "you can also add........"

-Sujata

Hi Rahul,

You can also add javascript:history.forward() in your logout page which will prevent the IE back button working.


-Sujata

Try <%@ page isErrorPage="true" %> (space between @ and page)

-Sujata

Hi Chris,


I would say add doGet(..) in you servlet and put some SOPs/log messages and acess the servlet directly "http://localhost:8080/Beer-v1/SelectBeeer.do" from the IE's address bar and verify if that hits the servlet.

When you submit the html see the url in the addressbar ,i think that will tell you the servlet location which the html is trying to hit.

-Sujata

Javedali - I have a feeling that the js file has to be included with contextPath/script/voucherDtls.js as i could see the onClick() calls a javascript method before submitting the form..you can verify by adding some alert messages inside the java script methods and on click of submit the alert messages are getting executed.

-Sujata.

Hmm you are right..i was trying to give an example.
By the way JSF , Flex and many advanced UI technologies are already in 21st century market.

-Sujata

Hi Javedali - As Bear suggested you can use the conextpath - hardcoded or get from request (<%=request.getContextPath()>) and you can put some SOPs/log statements inside doPost() to verify if the request is really hitting the servlet or not

-Sujata