I have an ASP.NET MVC application, with three views: view1, view2, view3. The logic way for the user to navigate through these is: view1 -> view2 -> view3.
When the user reaches view3, then I must prevent them from loading view2, even by using the "Back" button in their browser.
What is a good, browser-independent means of implementing this?
That is outside of the scope of javascript, and cannot be disabled (though you can tell the browser to go forward or back, you cannot prevent it). You would need a server side solution to disallow access to the pages.
Add a check of referrer page on page load in your application and then show a page or redirect user back to used view. You cannot manipulate or disallow basic navigation on client, but you can solve this problem server-side
In most of the applications you have to cope with the back ability from the browser. The user is used to it and he wants to use it and he more or less will hate pages that try to trick them when going back and forward.
Don't try to fool you user think about what he wanted to do and then try do deliver a not completely broken page.
There is no JavaScript solution, it would have to be implemented server side.
I can't comment on the earlier posts, but note that some browsers don't pass referrers, and thus the earlier solution would break (throw an exception, actually).
There are two steps to this:
1) You have to prevent browser-side caching. If you've got a three step process that the user walks through and it's dynamic, you're probably already doing this. If you don't prevent caching, the back button will show the cache of view1. Since step 2 is done server-side, the server won't have a chance to do anything.
2) You need to, as previous poster's have said, do something on the serverside to prevent the display. There are two ways to do this (despite my really bad pseudo code).
a) The quick & dirty way is based on the referer. For example, you'd put the following check on the controller for view2:
if (request.urlreferrer.absolutepath == "controllerview1")
{ //good }
else
{ //bad }
Also, in the case of "bad", you'll have to consider what to do. If you're using forms to pass values back and forth, you've suddenly lost when the user goes back to view2.
Note, though, that some browsers don't ever pass referrers and the above check won't do any good (and request.urlrefferer will be null). (I believe this is generally due to firewalls.) In which case you'd have to do:
b) I've done something like this before. The controller view1/2/3 is essentially a wizard where they're walking through the system. Each controller updates the db row associated with the wizard. So, view 2 would do something like:
if (dbrow.last_saved_page_num == 1)
{ // good }
else
{ // bad
redirect("view" + dbrow.last_saved_page_num + 1);
}