I'm implementing an iAuth form for a credit application in a J2EE container (JSTL+JSP+Stripes). The vendor states in the implementation guide:

Expire the “Questions” page after answers submission

When performing iAuth transactions you will need to “expire” the page on which the consumer's questions will be displayed after they have submitted their answers. This is crucial in order to prevent a consumer from using the "back" button to modify their answers after they have already submitted them once and found that their authentication attempt was unsuccessful. Once the answers to a question set have been transmitted to vendor, that question session is closed. Any additional attempts at modifying the answers to the same question set will result in an "invalid transaction-continue" response.

I am unsure what this means.

Are "they" suggesting just setting "Cache-Control" and/or "Pragma" headers on the form page?

+1  A: 

Well, you can use HTTP-related techniques to expire pages. But those methods are rather what I consider "soft" techniques.

To better secure your system, you may want to follow this kind of server-side implementation:

Page A refers to the page that goes to the Form Page and Page B is the controller which receives the information posted by Form Page.

  1. User visits Page A
  2. Page A determines that the Form Page should be viewable to User
  3. Page A creates a session variable A and sets it to true
  4. Page A shows a link, or redirects the User, to Form Page
  5. Form Page determines whether User can view the page by checking session variable A
  6. Form Page displays the form.
  7. User enters the information and submits the form
  8. Form Page posts data to Page B
  9. Page B receives the information, validates it, and deletes session variable A

Of course it can be even more complex with time checking (whether the User took too long from Page A to Form B, or took merely a second to submit Form Page to Page B).

When it comes to security in networking: Server side > Client Side

thephpdeveloper
When you say "you can use HTTP related techniques to expire pages" and call them "soft techniques", are you also saying that the use of `Pragma` and `Cache-Control` answers the integration recommendation by the _vendor_ as noted?
javafueled
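The server-side gate from the answer above (steps 3, 5 and 9), written out as an added example; it is not code from the answer, the vendor, or Stripes. It goes slightly beyond the answer's boolean session flag: Page A stores a random one-time token plus an issue timestamp in the session and embeds the token as a hidden form field, so Page B can both refuse a resubmission (the "back" button case the vendor warns about) and check the "took too long" / "took merely a second" timing the answer mentions. The session is modelled as a plain `Map` standing in for `HttpSession` (an assumption, so the class runs on its own); the attribute names, the time window constants and the class name are all made up for this example, and in a servlet you would call `session.setAttribute`, `getAttribute` and `removeAttribute` instead.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Example class (not part of the question or the answer). The Map parameter
// is an assumed stand-in for javax.servlet.http.HttpSession.
public class OneShotFormGate {
    // Session attribute names: constructed for this example.
    private static final String TOKEN_KEY = "iauth.formToken";
    private static final String ISSUED_AT_KEY = "iauth.formIssuedAt";
    // Timing window: assumed values, tune to the vendor's question timeout.
    private static final long MAX_AGE_MS = 5 * 60 * 1000L; // "took too long"
    private static final long MIN_AGE_MS = 1000L;          // "merely a second"

    public enum Result { OK, NO_OPEN_QUESTION_SET, TOKEN_MISMATCH, TOO_SLOW, TOO_FAST }

    /** Step 3: Page A arms the gate. The returned token goes into a hidden field on Form Page. */
    public static String arm(Map<String, Object> session, long nowMillis) {
        String token = UUID.randomUUID().toString();
        session.put(TOKEN_KEY, token);
        session.put(ISSUED_AT_KEY, nowMillis);
        return token;
    }

    /** Step 5: Form Page may render only while the gate is armed (session variable present). */
    public static boolean mayRenderForm(Map<String, Object> session) {
        return session.get(TOKEN_KEY) != null;
    }

    /**
     * Step 9: Page B consumes the gate. The token and timestamp are removed on the
     * first call no matter what the outcome is, so the question set is closed after
     * one submission; a later POST of the same form (back button, resubmit) gets
     * NO_OPEN_QUESTION_SET instead of being forwarded to the vendor again.
     */
    public static Result consume(Map<String, Object> session, String submittedToken, long nowMillis) {
        Object storedToken = session.remove(TOKEN_KEY);
        Object issuedAt = session.remove(ISSUED_AT_KEY);
        if (storedToken == null || issuedAt == null) {
            return Result.NO_OPEN_QUESTION_SET;
        }
        if (submittedToken == null || !constantTimeEquals((String) storedToken, submittedToken)) {
            return Result.TOKEN_MISMATCH; // form was not the one Page A issued for this session
        }
        long age = nowMillis - (Long) issuedAt;
        if (age > MAX_AGE_MS) {
            return Result.TOO_SLOW;
        }
        if (age < MIN_AGE_MS) {
            return Result.TOO_FAST;
        }
        return Result.OK; // caller now forwards the answers to the vendor exactly once
    }

    // Length-independent comparison so token checking does not leak via timing.
    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    // Walk-through of the flow with a constructed clock and an in-memory "session".
    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        long t0 = 1_000_000L;

        String token = arm(session, t0);                              // Page A
        System.out.println("form may render: " + mayRenderForm(session)); // Form Page check

        // First, legitimate submission a few seconds later.
        System.out.println("first submit: " + consume(session, token, t0 + 3_000));

        // Consumer presses "back": the gate is gone, so Form Page must not render again.
        System.out.println("form may render after submit: " + mayRenderForm(session));

        // Cached copy of the form is resubmitted anyway: refused before reaching the vendor.
        System.out.println("replayed submit: " + consume(session, token, t0 + 4_000));

        // A fresh question set, submitted too quickly to have been read by a human.
        String token2 = arm(session, t0 + 10_000);
        System.out.println("instant submit: " + consume(session, token2, t0 + 10_200));
    }
}
```

The `Cache-Control` / `Pragma` headers from the question are still worth sending on the form page so a well-behaved browser does not show the stale form at all, but they are advisory; the `consume` call is what actually guarantees the vendor never sees a second answer set for the same question session.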