tags:

views:

157

answers:

3

I have developed a simple web application using JSP. It has a login page which contains username, password fields and sumbit button. It has a logout page which contains a link to the login page. And there are some pages like page1, page2, page3, page4, etc.

Normal workflow is the following:

  • After login comes page1.
  • Then click some action and it will go to page2.
  • Then click some action and it will go to page3.
  • Then click some action and it will go to page4. So now I am in page4.
  • Now click back button in navigation toolbar in browser, generally go to previous page (page3).

But my requirement is, if you click back button in navigation toolbar from any page in the application, then you should go to logout page. For example: if you are in page4 and press the back button, then you should go to logout page and not to page3.

How to achieve this? Is it anyway possible? Maybe with Javascript?

+1  A: 

It's in theory possible if you maintain a token in the session scope which indicates the current step and if you disable the client side caching by setting response headers accordingly. If you're using POST, you'll need to implement PRG (post-redirect-get) pattern as well to avoid the client getting a "page expired" error.

After login and before going to page1, store 1 in the session. After submitting page1 and before going to page2, store 2 in the session. And so on. Everytime a page is requested, you check which page is requested and if the page number equals to the number in session and if not, then redirect to the logout page.

If you disable the client side caching and implement the PRG, then the client will guaranteed fire a real GET request instead of requesting the page from the browser cache.

BalusC
Is that really true? I believe Opera has some funky behavior in this respect. See http://dev.opera.com/forums/topic/224464
MSalters
A: 

How can I trace and control the browser back button function in navigation tool-bar?

But my original requirement :

I have developed secured application using JSF framework.

And also i use scope (session scope)

In my application i use this following code ... but not work it...

public class LogoutPhaseListener implements PhaseListener {

public void afterPhase(PhaseEvent event) { }

public void beforePhase(PhaseEvent event) {

    FacesContext facesContext = event.getFacesContext();
    HttpServletResponse httpServletResponse = (HttpServletResponse) facesContext.getExternalContext().getResponse();
    httpServletResponse.addHeader("Pragma", "no-cache");
    httpServletResponse.addHeader("Cache-Control", "no-cache");
    httpServletResponse.addHeader("Cache-Control", "must-revalidate");
    httpServletResponse.addHeader("Expires", "Mon, 8 Aug 2006 10:00:00 GMT");
    httpServletResponse.addHeader("Cache-Control", "no-store");

}

public PhaseId getPhaseId() {

    return PhaseId.RENDER_RESPONSE;

}

}

If i click back button in browser, then it go to previous page...

but i want to go logout page..when i click back button in browser...the above code not perfectly work it..

A: 

Hi, jack. If you know the answer, then post here. Because its help to others.I am always develop secure web application using JSF richfaces. I need same recuirement.

help me about this. Thanks in advance.

EswaraMoorthyNEC