struts-user mailing list archives

From Paweł Wielgus <poulw...@gmail.com>
Subject Re: Handling Browser Back/Forward Button in Struts2
Date Mon, 26 Jan 2009 08:11:57 GMT
Hi Shekher,
what I did is:
1. I added on every page:

          <meta http-equiv="Pragma" content="no-cache"/>
          <meta http-equiv="Cache-Control" content="no-cache"/>
          <meta http-equiv="Expires" content="-1"/>

- in the <head> section at the beginning of the page, and after <body>, just
before </html>, I added:

<head>
          <meta http-equiv="pragma" content="no-cache"/>
          <meta http-equiv="cache-control" content="no-cache"/>
          <meta http-equiv="expires" content="-1"/>
</head>
- so it is doubled!

2. I added to every response:

        response.setHeader("Pragma", "no-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Expires", "-1");

And that's working for me under SSL. As for SSL, it has nothing to do
with Struts2; it's controlled by Tomcat or any other server You are
using. I know there is an ssl-plugin for S2, but I honestly don't know
what for; maybe it is targeted at checking if a request is under SSL
and, if not, redirecting to an SSL connection, but it's not turning SSL on,
for sure.

If that won't help I can make a little app and pack it up for You, but
it can take some time.

Best greetings,
Paweł Wielgus.

2009/1/25 shekher awasthi <shekher.awasthi@gmail.com>:
> Hi Paweł,
>
> I tried all the way in a secure way.
>
> I implemented SSL and now my Tomcat is running on port 8443 using the https
> protocol.
> I have created a custom interceptor for setting the header values.
>
> When the user clicks the log off button, this custom interceptor is working, setting
> the header values. Below is the code I am using:
>
> ActionContext context=invocation.getInvocationContext();
>            HttpServletResponse response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
>            if(response!=null){
>                System.out.println("**********setting header**************");
>                response.setHeader("Cache-Control", "must-revalidate");
>                response.setHeader("Cache-Control", "max-age=0");
>                response.setHeader("Pragma", "no-cache");//HTTP 1.1
>                response.setDateHeader ("Expires", 0); //prevents caching at the proxy
>                response.setHeader("Cache-Control","no-store"); //HTTP 1.1
>
>            }
>
> and on my logout message I have something like this
>
> <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> <META HTTP-EQUIV="EXPIRES" CONTENT="-1">
> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
>
> but still the results are the same
> I can go back to the secure page using the browser back button
> any idea why this is going on??
>
> or do I need to set anything apart from this?
>
> -shekher
>
> On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
> <shekher.awasthi@gmail.com> wrote:
>
>> Can you guide me on how to use SSL in Struts2? I am looking into this.
>>
>> The IDE I am using is MyEclipse
>>
>> and I am testing it using Tomcat.
>>
>> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulwiel@gmail.com> wrote:
>>
>>> Hi Shekher,
>>> all my testing was under SSL connection. So without pragma and cache
>>> control it's not working - sadly.
>>>
>>> Best greetings,
>>> Paweł Wielgus.
>>>
>>> 2009/1/22 shekher awasthi <shekher.awasthi@gmail.com>:
>>> > Hi Paweł,
>>> >
>>> > another way we can do this is by using SSL
>>> > as we are dealing in a secure zone, so using SSL for this might be a good case.
>>> >
>>> > the applications I have seen so far that have dealt with this back/forward
>>> > button are always using the HTTPS protocol.
>>> >
>>> > I am also diving into this case study and will share the results
>>> >
>>> >
>>> > On 1/22/09, shekher awasthi <shekher.awasthi@gmail.com> wrote:
>>> >>
>>> >> one of the banking application sites which I tested today:
>>> >>
>>> >> when the user gets logged off and tries to hit the back button he will be
>>> >> shown a different page
>>> >> instead of the one in the cache
>>> >> so I am also looking into this aspect.
>>> >>
>>> >>
>>> >> On 1/22/09, shekher awasthi <shekher.awasthi@gmail.com> wrote:
>>> >>>
>>> >>> using javascript is not a sure shot solution
>>> >>> as I tested it thoroughly and javascript behaviour is not consistent
>>> >>> throughout
>>> >>>
>>> >>> regarding setting the header, I did this: I developed a custom interceptor which
>>> >>> is doing this
>>> >>>
>>> >>> but again it has not worked as expected.
>>> >>> I am still clueless how online banking applications are doing this trick
>>> >>>
>>> >>> I am still in R&D mode for this; if I find anything I will share it
>>> >>>
>>> >>>
>>> >>> On 1/22/09, Paweł Wielgus <poulwiel@gmail.com> wrote:
>>> >>>>
>>> >>>> Hi Ehtesham,
>>> >>>> it was said before on this thread that the user can simply turn off
>>> >>>> javascript whenever he wants,
>>> >>>> that's why I was looking for a more server-controlled solution. But thank
>>> >>>> You for pointing it out, You made me add it to my blog post.
>>> >>>>
>>> >>>> Best greetings,
>>> >>>> Paweł Wielgus.
>>> >>>>
>>> >>>> 2009/1/22 Ehteshamul Haque <ehshopon@yahoo.com>:
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>> > Hi,
>>> >>>> >
>>> >>>> > I am not that much of an expert; I used the following javascript code before
>>> >>>> > in each page and it worked fine.
>>> >>>> >
>>> >>>> >
>>> >>>> > <script language="JavaScript">
>>> >>>> > var x=window.history.length;
>>> >>>> > if (window.history[x]!=window.location)
>>> >>>> > {
>>> >>>> >     window.history.forward();
>>> >>>> > }
>>> >>>> > </script>
>>> >>>> >
>>> >>>> > If it works for you I will be very happy.
>>> >>>> >
>>> >>>> > Thank you.
>>> >>>> >
>>> >>>> > -Ehtesham
>>> >>>> >
>>> >>>> >
>>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulwiel@gmail.com> wrote:
>>> >>>> >
>>> >>>> > From: Paweł Wielgus <poulwiel@gmail.com>
>>> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
>>> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
>>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
>>> >>>> >
>>> >>>> > Hi Shekher,
>>> >>>> > it was a very interesting subject, so I dug a little more.
>>> >>>> > Here [1] is what I found, with some tests.
>>> >>>> > Basically it turns out that You should add headers in the page and to the response.
>>> >>>> >
>>> >>>> > [1] - http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
>>> >>>> >
>>> >>>> > Best greetings,
>>> >>>> > Paweł Wielgus.
>>> >>>> >
>>> >>>> > 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>:
>>> >>>> >> Is it possible that either I should only put these headers in the logout
>>> >>>> >> action
>>> >>>> >>
>>> >>>> >> where I am removing the session and then redirecting the user to the index page,
>>> >>>> >> something like this
>>> >>>> >>
>>> >>>> >> HttpServletResponse response=null;
>>> >>>> >>         response=ServletActionContext.getResponse();
>>> >>>> >>
>>> >>>> >>             response.setHeader("Pragma", "no-cache");
>>> >>>> >>             response.setHeader("Cache-Control", "no-cache");
>>> >>>> >>             response.setHeader("Expires", "0");
>>> >>>> >>
>>> >>>> >> or can we create an interceptor which can do this for all the requests where
>>> >>>> >> we want this feature??
>>> >>>> >>
>>> >>>> >> 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>
>>> >>>> >>
>>> >>>> >>> I tried setting the header values but they are not working as expected
>>> >>>> >>> I can even
>>> >>>> >>>
>>> >>>> >>> go and move back using the browser back button.
>>> >>>> >>>
>>> >>>> >>> if I find anything helpful I will share it with you
>>> >>>> >>> till then hard luck
>>> >>>> >>> :)
>>> >>>> >>>
>>> >>>> >>> 2009/1/21 Paweł Wielgus <poulwiel@gmail.com>
>>> >>>> >>>
>>> >>>> >>>> Hi Shekher,
>>> >>>> >>>> what I meant is that it can be done from the server side.
>>> >>>> >>>> Check for example Your e-banking application, I did it on mine :-).
>>> >>>> >>>> There, when You press the back button the browser won't serve You the cached page
>>> >>>> >>>> but ask the server for a fresh one - this is controlled with content-cache
>>> >>>> >>>> and pragma, but I can't be more helpful to You here because I haven't
>>> >>>> >>>> done it before.
>>> >>>> >>>>
>>> >>>> >>>> Best greetings,
>>> >>>> >>>> Paweł Wielgus.
>>> >>>> >>>>
>>> >>>> >>>>
>>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>:
>>> >>>> >>>> > Hi Paweł,
>>> >>>> >>>> >
>>> >>>> >>>> > that's true, it only sends a request to the server if I refresh the page,
>>> >>>> >>>> > and for that I already have a custom interceptor in place which is checking the user
>>> >>>> >>>> > object in the session in order to confirm that the request is from an authorized
>>> >>>> >>>> > user
>>> >>>> >>>> >
>>> >>>> >>>> > but when I make use of the back button it serves the page from the local
>>> >>>> >>>> > cache, so the problem is related to the client side more than that of server
>>> >>>> >>>> > handling
>>> >>>> >>>> >
>>> >>>> >>>> > still trying to find a firm solution for it
>>> >>>> >>>> >
>>> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulwiel@gmail.com>
>>> >>>> >>>> >
>>> >>>> >>>> >> Hi Shekher,
>>> >>>> >>>> >> first try this scenario:
>>> >>>> >>>> >> 1. logout user
>>> >>>> >>>> >> 2. back button - check the logs if the action was fired
>>> >>>> >>>> >> 3. refresh page - check the logs if the action was fired
>>> >>>> >>>> >> Most likely only the 3. will fire the action because the browser will serve
>>> >>>> >>>> >> a cached version of that page.
>>> >>>> >>>> >> I was about to write that to deal with it You can use the https scheme,
>>> >>>> >>>> >> but I just got it checked and it's not true. So maybe using pragma and
>>> >>>> >>>> >> or cache-control will do?
>>> >>>> >>>> >>
>>> >>>> >>>> >> Still, the user can disable javascript so the solution with a script might not work.
>>> >>>> >>>> >> If You find out anything more please let us know.
>>> >>>> >>>> >>
>>> >>>> >>>> >> Best greetings,
>>> >>>> >>>> >> Paweł Wielgus.
>>> >>>> >>>> >>
>>> >>>> >>>> >>
>>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <rgw@lsoft.com>:
>>> >>>> >>>> >> > You don't write if the browser back button is supposed to be functional in
>>> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > If you want to disable the browser back button, use the code below in all
>>> >>>> >>>> >> > your pages:
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > <script type="text/javascript">
>>> >>>> >>>> >> > history.forward();
>>> >>>> >>>> >> > </script>
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the browser back
>>> >>>> >>>> >> > button.
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > Robert
>>> >>>> >>>> >> >
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > shekher awasthi wrote:
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> Hi All,
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> in the process of developing an application using struts 2.0.11, I came
>>> >>>> >>>> >> >> across
>>> >>>> >>>> >> >> the problem of handling the browser back/forward button.
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> This problem is occurring when we log out the user. On clicking the
>>> >>>> >>>> >> >> logout button we are currently removing the user from the session
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> and it worked fine for us. After the successful logout process the user will
>>> >>>> >>>> >> >> be
>>> >>>> >>>> >> >> redirected to the index page (which has the login field),
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> but when the user hits the browser back button he is getting himself there in
>>> >>>> >>>> >> >> the secure page even though we have removed the user object from the session
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> below is the code we are using for removing the user
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> session.remove(BSConstant.USER);
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> I am clueless where we are going wrong, as we think we are having two
>>> >>>> >>>> >> >> points
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> 1) Either the user is not getting removed from the session, but the chances
>>> >>>> >>>> >> >> are very low, as for all other calls after logout it is forcing the user to
>>> >>>> >>>> >> >> login first.
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> 2) Back button handling is not there
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> my question is: is there any way in struts2 to handle the browser back/forward
>>> >>>> >>>> >> >> button or do I need to use some other technique like
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> setting a response header
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> any suggestion in this regard will be much appreciated.
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >> -s
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >>
>>> >>>> >>>> >> >
>>> >>>> >>>> >> >
>>> >>>> >>>> >> >
>>> >>>> >>>> >> > ---------------------------------------------------------------------
>>> >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> >>>> >>>> >> > For additional commands, e-mail: user-help@struts.apache.org
>>> >>>> >>>> >> >
>>> >>>> >>>> >> >
>>> >>>> >>>> >>
>>> >>>> >>>> >>
>>> >>>> >>>> >>
>>> >>>> >>>> >>
>>> >>>> >>>> >
>>> >>>> >>>>
>>> >>>> >>>>
>>> >>>> >>>>
>>> >>>> >>>>
>>> >>>> >>>
>>> >>>> >>
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>> >
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>
>>> >>
>>> >
>>>
>>>
>>>
>>
>
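
The server-side approach discussed in this thread, written as one Struts2 interceptor; this is an added example, not code from any of the posters. It sends the cache headers on every protected response rather than only on logout, because a browser keeps or discards each page according to the headers that page itself arrived with, and it repeats the session check on every request. The class name, the `user` session key and the `login` result mapping are assumptions.

```java
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example: marks every protected response as non-storable and
 * rejects requests that carry no logged-in user in the session.
 */
public class NoStoreAuthInterceptor extends AbstractInterceptor {

    // Assumption: key under which the login action stores the user object.
    private static final String USER_KEY = "user";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Headers are set before invoke(), i.e. before the result is
        // rendered and the response is committed.
        HttpServletResponse response = ServletActionContext.getResponse();
        if (response != null) {
            // setHeader() replaces any earlier value of the same header, so
            // all Cache-Control directives go into a single call.
            response.setHeader("Cache-Control",
                    "no-store, no-cache, must-revalidate, max-age=0");
            response.setHeader("Pragma", "no-cache"); // for HTTP/1.0 caches
            response.setDateHeader("Expires", 0);     // already expired
        }

        // Server-side check: without a user in the session, send the
        // request to the login result instead of running the action.
        Map<?, ?> session = invocation.getInvocationContext().getSession();
        if (session == null || session.get(USER_KEY) == null) {
            return Action.LOGIN; // the "login" result name
        }
        return invocation.invoke();
    }
}
```

The interceptor belongs in the stack of every secured action, with a global `login` result pointing at the login page; the login action itself must stay outside that stack.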
