Session management with Back and Forward buttons from browser.

How to invalidate the session in JSP, when you use the Back or Forward button from the browser (Internet Explorer). To put it simply, I want to prevent the usage of Back and Forward buttons from the browser, when I am logged into a session. I am managing session with HttpSession.
[296 byte] By [Suresh_hia] at [2007-10-3 1:08:04]
# 1
By using JavaScript you can disable the functionality of the forward and back buttons. Here the code goes:
<script language="Javascript">{window.history.forward(1);}</script>
With regards, aleem basha
aleem@1241a at 2007-7-14 18:04:51 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 2
Hi Aleem Basha, would you mind explaining how it works? Thanks and regards, suresh.
Suresh_hia at 2007-7-14 18:04:51
# 3

It doesn't, it's utter nonsense.

The fact is that you have no control over what the user does in the browser: you cannot disable any buttons, you cannot force the user to do anything, he or she is in total control and that's only a good thing. The only thing you can do is make sure that your webapp doesn't blow up when he does such things.

For example: there is the refresh button. When the user presses it, and be sure that he/she/it will do that regularly, the last request sent will be sent again. If that last request included some kind of database manipulation, that will also be performed again, something you absolutely do not want.

So what you can do is after doing such a transaction, perform a redirect to the results page instead of displaying the results in the same request. Then when the user presses the refresh button the redirect will be performed again, not the database transaction.

The same goes for the back button: when the user presses it he/she will go back to the redirect and instantly be kicked back (if this is what you want depends on the application: it is very unfriendly to the user when this happens).

I hope that gives you some idea about your role in the whole web application environment: you are not the boss.

gimbal2a at 2007-7-14 18:04:51
# 4

I got the picture..

I know that it's not user friendly. Yet I need to implement it for some security reasons.

I have implemented the same way as you explained, like after finishing the transaction move to the result page. But here I have used forward() method to redirect to the result page. But if I press Back button from browser, I am getting the previous transaction page, which I don't want to, unless I have included the Back option in my result page.

Give me some code to implement the steps you implemented, if possible.

Suresh_hia at 2007-7-14 18:04:51
# 5

A forward happens on the server side, this will NOT do what I suggested. I'm talking about a redirect, which is done by the browser. The browser cannot and will never know that a forward happened.

There are multiple ways to do a redirect, one is to output a simple HTML page that does it (with either javascript or a meta refresh), or you could use the jsp:redirect tag element.

Check out point 4 on this page:

http://www.oreillynet.com/pub/a/oreilly/java/news/jsptips_1100.html

gimbal2a at 2007-7-14 18:04:51
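
The redirect-after-transaction approach gimbal2a describes in replies #3 and #5, sketched as a servlet. This is an added example, not code from any poster in the thread. The class name, the /order mapping, login.jsp, the session attribute names and placeOrder() are assumptions, and the Cache-Control header goes beyond what the thread covers.

```java
import java.io.IOException;
import java.util.UUID;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped to /order in web.xml.
public class OrderServlet extends HttpServlet {

    // True when there is a live session holding a logged-in user (assumed attribute "user").
    private static boolean loggedIn(HttpSession s) {
        return s != null && s.getAttribute("user") != null;
    }

    // POST: run the transaction once, then send the browser elsewhere.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false); // never create a session here
        if (!loggedIn(session)) {
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        session.setAttribute("lastReceipt", placeOrder(req.getParameter("item")));
        // sendRedirect answers with a 302, so the browser issues a new GET itself.
        // A RequestDispatcher.forward() would stay inside this POST, and a refresh
        // of the result page would submit the transaction again.
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/order"));
    }

    // GET: result page. Refreshing it repeats only this read, not the POST.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        if (!loggedIn(session)) { // also true after session.invalidate() on logout
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        // Not from the thread: ask the browser not to keep a copy, so going Back
        // after logout re-requests the page and reaches the session check above.
        resp.setHeader("Cache-Control", "no-store");
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Receipt: " + session.getAttribute("lastReceipt"));
    }

    // Stand-in for the real database transaction.
    private String placeOrder(String item) {
        return "receipt-" + UUID.randomUUID();
    }
}
```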
# 6
Thanks gimbal. I will check the link and let you know. Regards, suresh.
Suresh_hia at 2007-7-14 18:04:51