views:

1112

answers:

2

I've inherited a Classic ASP app, and the former author claims that:

 BODY onload="javascript: history.go(1);"

is required to keep the site from "losing sessions"

Has anyone heard of this quirk? I can't fathom it.

A: 

No, this will not stop sessions from (a) expiring or (b) losing the browser cookie which identifies them. Those are the two causes for "losing sessions". As you point out in the comments, this is typically done to hack disabling the back button. It's still used today.

Ken Browning
+4  A: 

It sounds like the old developer was trying to prevent users from navigating using the forward/back browser buttons. If the application was not designed to accomodate users jumping around, suddenly submitting a form from an unexpected page could absolutely ruin a session.

Putting history.go(1) in a script tag in every document forces the browser to jump forward repeatedly to the last-visited page.

Sidnicious