struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank W. Zammetti" <fzli...@omnytex.com>
Subject Re: Removing page from browser history
Date Wed, 02 Aug 2006 15:11:30 GMT
FYI, Michael Jouravlev has spoken quite a bit about "controlling" the
browser history via the PRG pattern:

http://www.theserverside.com/tt/articles/article.tss?l=RedirectAfterPost

Another alternative is to use AJAX techniques.  AJAX requests do not get
stored in the browser's history, hence the back button doesn't have the
usual effect... many people see this as a problem however, as in general,
anything that makes the back button not simply go back to the last request

Bart is very much correct in any case.  If your system has to be secure
and robust, don't trust client-side scripting to do something like this. 
It's way too susceptible to tomfoolery (wow, that may very well be the
first time I've ever used that phrase!)

Frank

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Author of "Practical Ajax Projects With Java Technology"
 (2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
 Supplying the wheel, so you don't have to reinvent it!

On Wed, August 2, 2006 10:52 am, Bart Busschots wrote:
> I wouldn't rely on the client side for this. With FireFox and a few
> extensions you can have your wicked way on the client side and send
> anything you want to the server. Hence it's up to the server to look
> after security not the client. If you rely on the client alone your
> system will be very vulnerable to attack.
>
> The way I would do it would be to have a variable in session scope to
> store whether or not page two is available and then wrap all the code in
> page3.jsp inside a logic:if tag that will only display it if the
> variable in session says it's OK.
>
> Hope that's some help.
>
> Bart.
>
> Raghuveer wrote:
>> I am able restrict the user going back to previous page from current
>> page by
>> browser "BACK" button.
>>
>> <script language="javascript">
>> window.history.forward(1);
>> </script>
>>
>> How to restrict the user going to previous page by removing the Previous
>> page accessed by user from BROWSER HISTORY(Cntrl+H in IE).
>> I am using Struts Tiles Web application i have few modules to navigate
>> from
>> home page after login.
>>
>>
>> HOME PAGE
>> - Module 1
>> - Module 2
>> - Module 3
>>
>> In my Module 1 i have
>> page1.d0
>> page2.do
>> page3.do.
>>
>>
>> Page3.do will load page3.jsp.
>> This Jsp page can be viewed by User only if he comes from
>> Home->page1.do
>> page1.do->page2.do
>> page2.do->page3.do
>> page3.do->Home page
>>
>> User After Submit Form in page3 he will navigate to HOME page with
>> message
>> records saved succefully.
>>
>> My Requirment is he cannot go to page 3 from browser BACK Button or from
>> Browser History.
>>
>> So,
>> page 3.do is accessed only if user navigates all before 2 pages.
>> What ever i write code for this issue can be written only in Page3.jsp,
>>
>> Any Suggestions on this.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message