?
Solved

How to:- "Warning: Page Has Expired: The Page You Requested..."

Posted on 2003-03-05
21
Medium Priority
?
946 Views
Last Modified: 2007-12-19
I am working on an administration section to a site and I'd like it so that users can't press their browser's back button to navigate back. Some sites will display a "Warning: Page Has Expired: The Page You Requested..." error page. This is what I'm trying to achieve.

I've tried the following:

<%
Response.Expires = 60 'also tried -60 here
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>

as documented on http://www.learnasp.com/learn/cachenomore.asp but it has no effect.

What's the solution?
0
Comment
Question by:Shad0r
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 3
  • +2
21 Comments
 
LVL 15

Expert Comment

by:gladxml
ID: 8070594
Shad0r,

try this...

Server.ScriptTimeOut = 600
0
 
LVL 15

Expert Comment

by:gladxml
ID: 8070608
Shad0r,

disregard my last comment you can use

session.timeout
0
 
LVL 15

Expert Comment

by:gladxml
ID: 8070611
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:gladxml
ID: 8070654
Shad0r,

You can make an include file like assuming that you have a session variable

<%
      if Session("user_name") = "" then

response.write "Warning: Page Has Expired: The Page You Requested..." error page. "

'link to where the user need ot go

' or you can immediately response.redirect to the login page

end if
%>
0
 

Author Comment

by:Shad0r
ID: 8070709
I can't use session.timeout because I use a session to validate who the user is. When they cannot be validated, a function is called which tries to create a new session based on cookie data. If neither session or cookie exist they they are redirected to the login page.

So a redirect isn't an option, and if I change how long the session is valid for it will just cause them to have their session recreated.

Maybe this "page has expired" thing is an IE only thing, but i'm pretty sure it's to do with caching. If the browser is told that the page it downloads cannot either a) be stored or b) expires immediately, they they cannot navigate back to it without re-requesting it.
0
 
LVL 15

Expert Comment

by:gladxml
ID: 8070789
Shad0r,

It is not a good practice not to close the session

1. security
2. session can consume your resources which will affect the speed of your pages...


Try to check out his link also... might help...

http://www.4guysfromrolla.com/webtech/tips/t022800-1.shtml



articles regarding session

http://www.4guysfromrolla.com/webtech/faq/Advanced/faq4.shtml

 
0
 

Author Comment

by:Shad0r
ID: 8070812
The session is closed when they log out or after the server's default expiration period. I don't see a problem with that.
0
 
LVL 15

Expert Comment

by:gladxml
ID: 8070927
Shad0r,

assuming that the default session.timeout is 90 seconds...
Why not use this to check for the page timeout... just like I had mention earlier...

But anyway I cannot of any other solution right now... Got to go... Till then...

Good luck...

Happy programming...

0
 
LVL 1

Expert Comment

by:topcat_uk
ID: 8071381
Chaps,

Default session timeout is 20 minutes on IIS. Default script time out is 90 seconds.  

But. Both of these have nothing to do with the page has expired message.

Response.Expires = 60
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"


The code you are using is correct and should force the page to expire.

If you want to post an example of your pages, I would be happy to look at it for you.
0
 

Author Comment

by:Shad0r
ID: 8071958
Thanks topcat, the code below is the page i've been trying this on:

<%
Response.Expires = 60 'also tried -60 here
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--#include virtual="/site/includes/instillib.asp" -->
<% '**Start Encode** %>
<% If dbOpened then %>
<% If IsAdmin("","") then %>
<html>
<head>
<title>instil admin main</title>
<!--#include virtual="/site/includes/head.asp" -->
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr style="height: 5px;">
    <td style="height: 5px;" colspan="3"></td>
  </tr>
  <tr>
    <td style="width: 5px;"></td>
    <td><p class="heading">&nbsp;</p>
      <p class="heading">&nbsp;</p>
      <p align="center" class="heading"><img src="/site/images/instil.jpg" alt="instil" width="473" height="116"></p>
      <p align="center" class="heading">&nbsp;</p>
      <p align="center" class="heading">Administrators Only</p>
      <p align="center" class="heading">&nbsp;</p>
      <p align="center" class="heading"><% If not SiteEnabled then Response.Write("WARNING: SITE IS DISABLED!") End if %></p>
      </td>
    <td style="width: 5px;"></td>
  </tr>
  <tr style="height: 5px;">
    <td style="height: 5px;" colspan="3"></td>
  </tr>
</table>
</body>
</html>
<% dbClose
Else
     Response.Redirect("/")
End if %>
<% Else %>
<!--#include virtual="/site/includes/nodb.asp" -->
<% End if %>

I'm testing this locally on my network and on my server, using IE6.
0
 
LVL 10

Expert Comment

by:MaxOvrdrv2
ID: 8072906
the way i see it... it will not prevent the user from clicking his back button.. but will force the "Page Has Expired: Retry-Re-Send the information or Cancel" pop-up box to appear if the user RETURNS to this page or uses the REFRESH button...

and you say that with the code you have... it does not ask for that??

MaxOvrdrv2
0
 

Author Comment

by:Shad0r
ID: 8072941
Neither happens, but I'm trying to achieve the first you mentioned. I've seen it so many times, often on shopping baskets.

Didn't think it would be this difficult to impliment :(
0
 
LVL 10

Expert Comment

by:MaxOvrdrv2
ID: 8072985
you mean the "can't click the back button" one or simply the "re-send info" pop-up box??

for the first one ("can't click the back buton"):

often... the simplest way is to open a new window... that way the user cannot click the back button since the url in the new window is the only one it's seen...

for the second one ("re-send info"):

the code you have should work! i don't see why not... if you are setting the expirations properly... like so:

Response.Expires = 1
Response.Expiresabsolute = Now()
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"

Hope this helps...

MaxOvrdrv2
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 8072995
After hours and hours of reading books and searching the net, this was impossible for me to achieve.  I couldn't find any way to display the "Content has Expired" page.  So, I tried another aproach:  If all you want to do is to prevent the user from hitting the "Back" button, you can do it before your page is displayed.  Let me explain.  You probably have a page that links to the other like this:

<a href="ThePageIDontWantThemToHitBack.asp">Click Here</A>

You can change that for something like this:

<a href="#" onclick="ShowPage()">Click Here</A>

Then, the ShowPage sub:

<script Language=VBScript>
Sub ShowPage
window.location.replace "ThePageIDontWantThemToHitBack.asp"
end sub
</SCRIPT>

There's probably a shorter way to do this without the <script> tags (like placing the code directly in the OnClick event), but this works OK.

Hope this helps!

TCV
0
 

Author Comment

by:Shad0r
ID: 8073016
And that prevents the user from clicking back?

Can that be re-written in javascript as that obviously wouldn't run in non-IE browsers, cetainly not on Windows!

NB: I know practically no JS, only reason I ask!
0
 
LVL 1

Expert Comment

by:topcat_uk
ID: 8073042
Shad,

It is not possible to get the page has expired message when the user hits the back button using page expiration.

There are a few examples of how to achieve this by script/tricky on the web.  4guysfromRolla have two examples.

Sorry Pal.




0
 
LVL 6

Expert Comment

by:Taconvino
ID: 8073179
I think for JS the sintax is the same:

<script>
Function ShowPage() {
window.location.replace("ThePageIDontWantThemToHitBack.asp");
}
</SCRIPT>

And this doesn't "prevent" the user from hitting "back", vut when he does, the browser will take him two pages before.  You should try it.  It's pretty much self-explanatory.

TCV
0
 

Author Comment

by:Shad0r
ID: 8073338
Topcat, I've done several searches and looked through the security secion on 4Guys, but can't find the two articles you speak of.

Do you have the links?
0
 
LVL 1

Accepted Solution

by:
topcat_uk earned 200 total points
ID: 8073484
Shad,

Sorry about that.  I can only find the one.
This is an asp fix.
http://www.4guysfromrolla.com/webtech/012600-1.shtml

There is also a Javascript version, which I have been unable to find again.

I will look again for you tomorrow.
0
 

Author Comment

by:Shad0r
ID: 8075041
Thanks for that. It's put me on the right track, I'll play with having a hidden form which submits data as this seems to be key. Maybe use some onClick javascript to send it.

Thanks Topcat, you put me in the right direction :)
0
 

Author Comment

by:Shad0r
ID: 8075047
Not the exact anser but it's close enough!
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question