struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paweł Wielgus <poulw...@gmail.com>
Subject Re: Handling Browser Back/Forward Button in Struts2
Date Mon, 30 Mar 2009 23:36:10 GMT
Hi Shekher,
i just added a small app, that work for me, on my blog post,
if You are still interested, it's been a while - sorry for the lag,
You can download it from there.
http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html

Best greetings,
Pawel Wielgus.

2009/1/26, shekher awasthi <shekher.awasthi@gmail.com>:
> Thanks Pawel for such detalied description
>
> i did all the things as mentioned by you but still its not working for me
>
> regarding SSL its working for me bt still caching problem is there
>
> i will again dig deep in to it and if you can provide me a small app that
> will be wonderfull i can use that to compare my functionality so that i can
> find out where i am doing wrong or whats going wrong in my application.
>
>
> On 1/26/09, Paweł Wielgus <poulwiel@gmail.com> wrote:
>>
>> Hi Shekher,
>> what i did is:
>> 1. I added on every page:
>>
>>          <meta http-equiv="Pragma" content="no-cache"/>
>>          <meta http-equiv="Cache-Control" content="no-cache"/>
>>          <meta http-equiv="Expires" content="-1"/>
>>
>> - in <head> section at the begining of page and after <body> just
>> before </html> i added:
>>
>> <head>
>>          <meta http-equiv="pragma" content="no-cache"/>
>>          <meta http-equiv="cache-control" content="no-cache"/>
>>          <meta http-equiv="expires" content="-1"/>
>> </head>
>> - so it is doubled!
>>
>> 2. I added to every response:
>>
>>        response.setHeader("Pragma", "no-cache");
>>        response.setHeader("Cache-Control", "no-cache");
>>        response.setHeader("Expires", "-1");
>>
>> And that's working for me under ssl. As for ssl it has nothing to do
>> with struts2, it's controlled by tomcat or any other server You are
>> using, i know there is ssl-plugin for s2 but i honestly don't know
>> what for, maybe it is targeted for checking if request is under ssl
>> and if not redirecting to ssl connection, but it's not turning ssl on
>> for sure.
>>
>> If that won't help i can make a little app and pack it up for You, but
>> it can take some time.
>>
>> Best greetings,
>> Paweł Wielgus.
>>
>> 2009/1/25 shekher awasthi <shekher.awasthi@gmail.com>:
>> > Hi Hi Paweł,
>> >
>> > i tried all the way in secure way
>> >
>> > i implimented SSL and now my tomcat is running on port 8443 usinh https
>> > protocol
>> > i have created a custom interceptor for setting the header values
>> >
>> > when user click logg off button this custom interceptor is working
>> setting
>> > the header values below is the code i am using
>> >
>> > ActionContext context=invocation.getInvocationContext();
>> >            HttpServletResponse
>> > response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
>> >            if(response!=null){
>> >                System.out.println("**********setting
>> > header**************");
>> >                response.setHeader("Cache-Control", "must-revalidate");
>> >                response.setHeader("Cache-Control", "max-age=0");
>> >                response.setHeader("Pragma", "no-cache");//HTTP 1.1
>> >                response.setDateHeader ("Expires", 0); //prevents caching
>> at
>> > the proxy
>> >                response.setHeader("Cache-Control","no-store"); //HTTP
>> > 1.1
>> >
>> >            }
>> >
>> > and on my logot message i have something like this
>> >
>> > <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
>> > <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
>> > <META HTTP-EQUIV="EXPIRES" CONTENT="-1">
>> > <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
>> >
>> > but still results are same
>> > i can go back to secure page using browser back button
>> > any idea  why this is going on??
>> >
>> > or do i need to set anything apart from this?
>> >
>> > -shekher
>> >
>> > On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
>> > <shekher.awasthi@gmail.com>wrote:
>> >
>> >> Can you guide me the way how to use SSL in struts2 i am looking in to
>> this
>> >>
>> >> IDE i am using is MyEclispe
>> >>
>> >> and i am testing it using tomcat
>> >>
>> >> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulwiel@gmail.com>
>> wrote:
>> >>
>> >>> Hi Shekher,
>> >>> all my testing was under SSL connection. So without pragma and cache
>> >>> control it's not working - sadly.
>> >>>
>> >>> Best greetings,
>> >>> Paweł Wielgus.
>> >>>
>> >>> 2009/1/22 shekher awasthi <shekher.awasthi@gmail.com>:
>> >>>  > Hi Paweł,
>> >>> >
>> >>> > another way we can do this by using SSL
>> >>> > as we are dealing in secure zone so using SSL for this might be
a
>> good
>> >>> case.
>> >>> >
>> >>> > the application i have seen so far who have dealt with this
>> back/forward
>> >>> > button always using HTTPS protocol.
>> >>> >
>> >>> > i am also diving in to this case study and will share the results
>> >>> >
>> >>> >
>> >>> > On 1/22/09, shekher awasthi <shekher.awasthi@gmail.com> wrote:
>> >>> >>
>> >>> >> one of the banking application site which i tested today
>> >>> >>
>> >>> >> when user get logged off from and try to hit the back button
he
>> >>> >> will
>> be
>> >>> >> shown a different page
>> >>> >> instead the one in the cache
>> >>> >> so i am also loking in to this aspect.
>> >>> >>
>> >>> >>
>> >>> >>  On 1/22/09, shekher awasthi <shekher.awasthi@gmail.com>
wrote:
>> >>> >>>
>> >>> >>> using javascript is not a sure short solution
>> >>> >>> as i tested it throughly and javascript behaviour is not
>> >>> >>> consistent
>> >>> >>> throught
>> >>> >>>
>> >>> >>> regarding setting header i did this i developed a custom
>> interceptor
>> >>> which
>> >>> >>> is doing this
>> >>> >>>
>> >>> >>> but again its not worked as expected.
>> >>> >>> i am still clueless how online banking application doing
this
>> >>> >>> trick
>> >>> >>>
>> >>> >>> i am still on R&D mode for this if find anything will
share it
>> >>> >>>
>> >>> >>>
>> >>> >>>  On 1/22/09, Paweł Wielgus <poulwiel@gmail.com>
wrote:
>> >>> >>>>
>> >>> >>>> Hi Ehtesham,
>> >>> >>>> it was said before on this thread that user can simply
turn of
>> >>> >>>> javascript whenever he wants,
>> >>> >>>> thats why i was looking for more server controlled
solution. But
>> >>> thank
>> >>> >>>> You for pointing it out, You made me to add it to my
blog post.
>> >>> >>>>
>> >>> >>>> Best greetings,
>> >>> >>>> Paweł Wielgus.
>> >>> >>>>
>> >>> >>>> 2009/1/22 Ehteshamul Haque <ehshopon@yahoo.com>:
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > Hi,
>> >>> >>>> >
>> >>> >>>> > I am not that much expert I I used the following
javascript
>> >>> >>>> > code
>> >>> before
>> >>> >>>> in each page and it workded fine.
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > <script language="JavaScript">
>> >>> >>>> > var x=window.history.length;
>> >>> >>>> > if (window.history[x]!=window.location)
>> >>> >>>> > {
>> >>> >>>> >     window.history.forward();
>> >>> >>>> > }
>> >>> >>>> > </script>
>> >>> >>>> >
>> >>> >>>> > If it work for you I will be very happy.
>> >>> >>>> >
>> >>> >>>> > Thank you.
>> >>> >>>> >
>> >>> >>>> > -Ehtesham
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulwiel@gmail.com>
wrote:
>> >>> >>>> >
>> >>> >>>> > From: Paweł Wielgus <poulwiel@gmail.com>
>> >>> >>>> > Subject: Re: Handling Browser Back/Forward Button
in Struts2
>> >>> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
>> >>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
>> >>> >>>> >
>> >>> >>>> > Hi Shekher,
>> >>> >>>> > it was very interesting subject, so i dig a little
more.
>> >>> >>>> > Here [1] is what i found, with some tests.
>> >>> >>>> > Basicly it turns out that You should add headers
in page and to
>> >>> >>>> response.
>> >>> >>>> >
>> >>> >>>> > [1] -
>> >>> >>>>
>> >>>
>> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
>> >>> >>>> >
>> >>> >>>> > Best greetings,
>> >>> >>>> > Paweł Wielgus.
>> >>> >>>> >
>> >>> >>>> > 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>:
>> >>> >>>> >> Is it possible that either i should only put
these header in
>> the
>> >>> >>>> logout
>> >>> >>>> >> action
>> >>> >>>> >>
>> >>> >>>> >> where i am removing the session and den redirecting
the user
>> >>> >>>> >> to
>> >>> index
>> >>> >>>> page
>> >>> >>>> >> something like this
>> >>> >>>> >>
>> >>> >>>> >> HttpServletResponse response=null;
>> >>> >>>> >>         response=ServletActionContext.getResponse();
>> >>> >>>> >>
>> >>> >>>> >>             response.setHeader("Pragma", "no-cache");
>> >>> >>>> >>             response.setHeader("Cache-Control",
"no-cache");
>> >>> >>>> >>             response.setHeader("Expires",
"0");
>> >>> >>>> >>
>> >>> >>>> >> or can we create a interceptor which can do
this for all the
>> >>> request
>> >>> >>>> wheer
>> >>> >>>> >> we want this feature??
>> >>> >>>> >>
>> >>> >>>> >> 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>
>> >>> >>>> >>
>> >>> >>>> >>> i tried using setting the eader values
but they are not
>> working
>> >>> as
>> >>> >>>> expected
>> >>> >>>> >>> i can even
>> >>> >>>> >>>
>> >>> >>>> >>> go and move back using broswer back button.
>> >>> >>>> >>>
>> >>> >>>> >>> if i will find anything helpfull will
share with you
>> >>> >>>> >>> till then hard luck
>> >>> >>>> >>> :)
>> >>> >>>> >>>
>> >>> >>>> >>> 2009/1/21 Paweł Wielgus <poulwiel@gmail.com>
>> >>> >>>> >>>
>> >>> >>>> >>> Hi Shekher,
>> >>> >>>> >>>> what i meant is that it can be done
from server side.
>> >>> >>>> >>>> Check for example Your e-banking application,
i did it on
>> mine
>> >>> :-).
>> >>> >>>> >>>> There, when You press back button
browser won't serve You
>> cached
>> >>> >>>> page
>> >>> >>>> >>>> but ask server for fresh one - this
is controlled with
>> >>> content-cache
>> >>> >>>> >>>> and pragma, but i can't be more helpfull
to You here because
>> i
>> >>> >>>> haven't
>> >>> >>>> >>>> done it before.
>> >>> >>>> >>>>
>> >>> >>>> >>>> Best greetings,
>> >>> >>>> >>>> Paweł Wielgus.
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awasthi@gmail.com>:
>> >>> >>>> >>>>  > Hi Paweł,
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > thats true it only send request
to server if  i will
>> refresh
>> >>> the
>> >>> >>>> page
>> >>> >>>> >>>> and
>> >>> >>>> >>>> > for that i have already custom
interceptor places which is
>> >>> >>>> checking the
>> >>> >>>> >>>> user
>> >>> >>>> >>>> > object in session in order to
confirm that the request is
>> from
>> >>> >>>> >>>> authorized
>> >>> >>>> >>>> > user
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > but when i make use of back button
it serve the page from
>> the
>> >>> >>>> local
>> >>> >>>> >>>> > chache,so the problem is related
to client side more than
>> that
>> >>> of
>> >>> >>>> server
>> >>> >>>> >>>> > handling
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > still trying to find a firm solution
for it
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulwiel@gmail.com>
>> >>> >>>> >>>> >
>> >>> >>>> >>>> >> Hi Shekher,
>> >>> >>>> >>>> >> first try this scenario:
>> >>> >>>> >>>> >> 1. logout user
>> >>> >>>> >>>> >> 2. back button - check for
logs if action was fired
>> >>> >>>> >>>> >> 3. refresh page - check for
logs if action was fired
>> >>> >>>> >>>> >> Most likely only the 3. will
fire action because browser
>> will
>> >>> >>>> serve
>> >>> >>>> >>>> >> cached version of that page.
>> >>> >>>> >>>> >> I was about to write that
to deal with it You can use
>> https
>> >>> >>>> scheme,
>> >>> >>>> >>>> >> but i just got it checked
and it's not true. So maybe
>> using
>> >>> >>>> pragma and
>> >>> >>>> >>>> >> or cache-control will do?
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> Still user can disable javascript
so solution with script
>> >>> might
>> >>> >>>> not
>> >>> >>>> >>>> work.
>> >>> >>>> >>>> >> If You find out anything
more please let us know.
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> Best greetings,
>> >>> >>>> >>>> >> Paweł Wielgus.
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski
<rgw@lsoft.com>:
>> >>> >>>> >>>> >>  > You don't write if
the browser back button is supposed
>> to
>> >>> be
>> >>> >>>> >>>> functional
>> >>> >>>> >>>> >> in
>> >>> >>>> >>>> >> > your application (in
many cases it is not, but YMMV).
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > If you want to disable
the browser back button, use the
>> >>> code
>> >>> >>>> below in
>> >>> >>>> >>>> all
>> >>> >>>> >>>> >> > your pages:
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > <script type="text/javascript">
>> >>> >>>> >>>> >> > history.forward();
>> >>> >>>> >>>> >> > </script>
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > I'm not aware of any
feature in Struts2 that deals with
>> the
>> >>> >>>> browser
>> >>> >>>> >>>> back
>> >>> >>>> >>>> >> > button.
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > Robert
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > shekher awasthi wrote:
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> Hi All,
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> in the process of
developing application using struts
>> >>> 2.0.11,
>> >>> >>>> i came
>> >>> >>>> >>>> >> >> across
>> >>> >>>> >>>> >> >> the problem of handling
browser back/forward button.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> This problem is
occurring when we will logout the
>> user.On
>> >>> >>>> Clicking
>> >>> >>>> >>>> the
>> >>> >>>> >>>> >> >> logout button we
are currently removing the user from
>> the
>> >>> >>>> session
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> and it worked fine
for us. After the successful logout
>> >>> process
>> >>> >>>> user
>> >>> >>>> >>>> will
>> >>> >>>> >>>> >> >> be
>> >>> >>>> >>>> >> >> redirected to the
index page(which have the login
>> field),
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> but when user hits
the browser back button he is
>> getting
>> >>> >>>> himself
>> >>> >>>> >>>> there
>> >>> >>>> >>>> >> in
>> >>> >>>> >>>> >> >> the secure page
even we have remove the user object
>> from
>> >>> the
>> >>> >>>> session
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> below is the code
we are using for removing the user
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> session.remove(BSConstant.USER);
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> i am clueless where
we are doing wrong , as we think
>> >>> >>>> >>>> >> >> we
>> >>> are
>> >>> >>>> having
>> >>> >>>> >>>> two
>> >>> >>>> >>>> >> >> points
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> 1) Either the user
is not getting removed from the
>> >>> session,but
>> >>> >>>> the
>> >>> >>>> >>>> >> chances
>> >>> >>>> >>>> >> >> are very less as
for all other call after logout it is
>> >>> forcing
>> >>> >>>> the
>> >>> >>>> >>>> user
>> >>> >>>> >>>> >> to
>> >>> >>>> >>>> >> >> login first.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> 2) Back button handling
is not there
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> my question is,
Is there any way in struts2 to handle
>> >>> browser
>> >>> >>>> >>>> >> back/forward
>> >>> >>>> >>>> >> >> button or do i need
to use some other technique like
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> setting response
header
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> any suggestion in
this regard will be much
>> >>> >>>> >>>> >> >> appreciated.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> -s
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> >> > To unsubscribe, e-mail:
>> user-unsubscribe@struts.apache.org
>> >>> >>>> >>>> >> > For additional commands,
e-mail:
>> >>> user-help@struts.apache.org
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> >> To unsubscribe, e-mail:
>> user-unsubscribe@struts.apache.org
>> >>> >>>> >>>> >> For additional commands,
e-mail:
>> user-help@struts.apache.org
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> >>> >>>> >>>> For additional commands, e-mail: user-help@struts.apache.org
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>> >>>
>> >>> >>>> >>
>> >>> >>>> >
>> >>> >>>> >
>> >>> ---------------------------------------------------------------------
>> >>> >>>> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> >>> >>>> > For additional commands, e-mail: user-help@struts.apache.org
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> >>> >>>> For additional commands, e-mail: user-help@struts.apache.org
>> >>> >>>>
>> >>> >>>>
>> >>> >>>
>> >>> >>
>> >>> >
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> >>> For additional commands, e-mail: user-help@struts.apache.org
>> >>>
>> >>>
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message