Hi Paweł,
another way we can do this by using SSL
as we are dealing in secure zone so using SSL for this might be a good case.
the application i have seen so far who have dealt with this back/forward
button always using HTTPS protocol.
i am also diving in to this case study and will share the results
On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>
> one of the banking application site which i tested today
>
> when user get logged off from and try to hit the back button he will be
> shown a different page
> instead the one in the cache
> so i am also loking in to this aspect.
>
>
> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>>
>> using javascript is not a sure short solution
>> as i tested it throughly and javascript behaviour is not consistent
>> throught
>>
>> regarding setting header i did this i developed a custom interceptor which
>> is doing this
>>
>> but again its not worked as expected.
>> i am still clueless how online banking application doing this trick
>>
>> i am still on R&D mode for this if find anything will share it
>>
>>
>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>>>
>>> Hi Ehtesham,
>>> it was said before on this thread that user can simply turn of
>>> javascript whenever he wants,
>>> thats why i was looking for more server controlled solution. But thank
>>> You for pointing it out, You made me to add it to my blog post.
>>>
>>> Best greetings,
>>> Paweł Wielgus.
>>>
>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
>>> >
>>> >
>>> >
>>> > Hi,
>>> >
>>> > I am not that much expert I I used the following javascript code before
>>> in each page and it workded fine.
>>> >
>>> >
>>> > <script language="JavaScript">
>>> > var x=window.history.length;
>>> > if (window.history[x]!=window.location)
>>> > {
>>> > window.history.forward();
>>> > }
>>> > </script>
>>> >
>>> > If it work for you I will be very happy.
>>> >
>>> > Thank you.
>>> >
>>> > -Ehtesham
>>> >
>>> >
>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>>> >
>>> > From: Paweł Wielgus <poulw...@gmail.com>
>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
>>> > Date: Thursday, January 22, 2009, 12:34 AM
>>> >
>>> > Hi Shekher,
>>> > it was very interesting subject, so i dig a little more.
>>> > Here [1] is what i found, with some tests.
>>> > Basicly it turns out that You should add headers in page and to
>>> response.
>>> >
>>> > [1] -
>>> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
>>> >
>>> > Best greetings,
>>> > Paweł Wielgus.
>>> >
>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>>> >> Is it possible that either i should only put these header in the
>>> logout
>>> >> action
>>> >>
>>> >> where i am removing the session and den redirecting the user to index
>>> page
>>> >> something like this
>>> >>
>>> >> HttpServletResponse response=null;
>>> >> response=ServletActionContext.getResponse();
>>> >>
>>> >> response.setHeader("Pragma", "no-cache");
>>> >> response.setHeader("Cache-Control", "no-cache");
>>> >> response.setHeader("Expires", "0");
>>> >>
>>> >> or can we create a interceptor which can do this for all the request
>>> wheer
>>> >> we want this feature??
>>> >>
>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
>>> >>
>>> >>> i tried using setting the eader values but they are not working as
>>> expected
>>> >>> i can even
>>> >>>
>>> >>> go and move back using broswer back button.
>>> >>>
>>> >>> if i will find anything helpfull will share with you
>>> >>> till then hard luck
>>> >>> :)
>>> >>>
>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
>>> >>>
>>> >>> Hi Shekher,
>>> >>>> what i meant is that it can be done from server side.
>>> >>>> Check for example Your e-banking application, i did it on mine :-).
>>> >>>> There, when You press back button browser won't serve You cached
>>> page
>>> >>>> but ask server for fresh one - this is controlled with content-cache
>>> >>>> and pragma, but i can't be more helpfull to You here because i
>>> haven't
>>> >>>> done it before.
>>> >>>>
>>> >>>> Best greetings,
>>> >>>> Paweł Wielgus.
>>> >>>>
>>> >>>>
>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>>> >>>> > Hi Paweł,
>>> >>>> >
>>> >>>> > thats true it only send request to server if i will refresh the
>>> page
>>> >>>> and
>>> >>>> > for that i have already custom interceptor places which is
>>> checking the
>>> >>>> user
>>> >>>> > object in session in order to confirm that the request is from
>>> >>>> authorized
>>> >>>> > user
>>> >>>> >
>>> >>>> > but when i make use of back button it serve the page from the
>>> local
>>> >>>> > chache,so the problem is related to client side more than that of
>>> server
>>> >>>> > handling
>>> >>>> >
>>> >>>> > still trying to find a firm solution for it
>>> >>>> >
>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
>>> >>>> >
>>> >>>> >> Hi Shekher,
>>> >>>> >> first try this scenario:
>>> >>>> >> 1. logout user
>>> >>>> >> 2. back button - check for logs if action was fired
>>> >>>> >> 3. refresh page - check for logs if action was fired
>>> >>>> >> Most likely only the 3. will fire action because browser will
>>> serve
>>> >>>> >> cached version of that page.
>>> >>>> >> I was about to write that to deal with it You can use https
>>> scheme,
>>> >>>> >> but i just got it checked and it's not true. So maybe using
>>> pragma and
>>> >>>> >> or cache-control will do?
>>> >>>> >>
>>> >>>> >> Still user can disable javascript so solution with script might
>>> not
>>> >>>> work.
>>> >>>> >> If You find out anything more please let us know.
>>> >>>> >>
>>> >>>> >> Best greetings,
>>> >>>> >> Paweł Wielgus.
>>> >>>> >>
>>> >>>> >>
>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
>>> >>>> >> > You don't write if the browser back button is supposed to be
>>> >>>> functional
>>> >>>> >> in
>>> >>>> >> > your application (in many cases it is not, but YMMV).
>>> >>>> >> >
>>> >>>> >> > If you want to disable the browser back button, use the code
>>> below in
>>> >>>> all
>>> >>>> >> > your pages:
>>> >>>> >> >
>>> >>>> >> > <script type="text/javascript">
>>> >>>> >> > history.forward();
>>> >>>> >> > </script>
>>> >>>> >> >
>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the
>>> browser
>>> >>>> back
>>> >>>> >> > button.
>>> >>>> >> >
>>> >>>> >> > Robert
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >> > shekher awasthi wrote:
>>> >>>> >> >>
>>> >>>> >> >> Hi All,
>>> >>>> >> >>
>>> >>>> >> >> in the process of developing application using struts 2.0.11,
>>> i came
>>> >>>> >> >> across
>>> >>>> >> >> the problem of handling browser back/forward button.
>>> >>>> >> >>
>>> >>>> >> >> This problem is occurring when we will logout the user.On
>>> Clicking
>>> >>>> the
>>> >>>> >> >> logout button we are currently removing the user from the
>>> session
>>> >>>> >> >>
>>> >>>> >> >> and it worked fine for us. After the successful logout process
>>> user
>>> >>>> will
>>> >>>> >> >> be
>>> >>>> >> >> redirected to the index page(which have the login field),
>>> >>>> >> >>
>>> >>>> >> >> but when user hits the browser back button he is getting
>>> himself
>>> >>>> there
>>> >>>> >> in
>>> >>>> >> >> the secure page even we have remove the user object from the
>>> session
>>> >>>> >> >>
>>> >>>> >> >> below is the code we are using for removing the user
>>> >>>> >> >>
>>> >>>> >> >> session.remove(BSConstant.USER);
>>> >>>> >> >>
>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are
>>> having
>>> >>>> two
>>> >>>> >> >> points
>>> >>>> >> >>
>>> >>>> >> >> 1) Either the user is not getting removed from the session,but
>>> the
>>> >>>> >> chances
>>> >>>> >> >> are very less as for all other call after logout it is forcing
>>> the
>>> >>>> user
>>> >>>> >> to
>>> >>>> >> >> login first.
>>> >>>> >> >>
>>> >>>> >> >> 2) Back button handling is not there
>>> >>>> >> >>
>>> >>>> >> >> my question is, Is there any way in struts2 to handle browser
>>> >>>> >> back/forward
>>> >>>> >> >> button or do i need to use some other technique like
>>> >>>> >> >>
>>> >>>> >> >> setting response header
>>> >>>> >> >>
>>> >>>> >> >> any suggestion in this regard will be much appreciated.
>>> >>>> >> >>
>>> >>>> >> >> -s
>>> >>>> >> >>
>>> >>>> >> >>
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >> >
>>> ---------------------------------------------------------------------
>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> >>>> >> > For additional commands, e-mail: user-h...@struts.apache.org
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >>
>>> >>>> >>
>>> ---------------------------------------------------------------------
>>> >>>> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> >>>> >> For additional commands, e-mail: user-h...@struts.apache.org
>>> >>>> >>
>>> >>>> >>
>>> >>>> >
>>> >>>>
>>> >>>>
>>> ---------------------------------------------------------------------
>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
>>> >>>>
>>> >>>>
>>> >>>
>>> >>
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> > For additional commands, e-mail: user-h...@struts.apache.org
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>
>>>
>>
>
