Solved

Browser Back after Registration

Posted on 2004-10-27
175 Views
Last Modified: 2010-04-01
Hi,

I am new to the web applications.Could anyone help me out.

I have a web based application.After registering to the site (with his user-id ,password and account )the user is logged in and the first page is displayed.

If he clicks on the browser back , the registration form is shown again and he can submit a form again with another account number. This is allowing the accounts linked to the same user.

(1)Instead ,I would want to log him out as soon as he clicks the BrowserBACK.

(2)If he directly types in the URL for the registration form ,since there is already an existing account ,he must get a warning to use AddAccounts link and not to register twice

How can get this done?
0
Question by:member_october
    6 Comments
     
    LVL 3

    Expert Comment

    by:Gunt
    What login method are you using?.

    In the case you have control over the login process:

    You can't detect the browser back button. What you can do to avoid double login, is:
    In your login process, before logging the user in, check if it's already logged. If he is, then forward to the error page, otherwise continue.

    For the second case, what you can do is making the request pass over a Servlet that forwards to the login page. This servlet can then check to see if the user is logged. If he is, forward to error page, otherwise forward to login page.

    0
     
    LVL 2

    Expert Comment

    by:siliconeagle
    I would use the following trick:-
    1.submit the form to a traget as a hiden iframe
    return a page to the iframe to trigger a replace on the parent document
    here are three files, replaceform.html is the residter page with the form it contains a hidden iframe that you submit to this submit to a your servlet or jsp and return a page which calls replaceURL() with in the iframes parent page (replaceform.html) then this is replaceed with your next page so the register page doesn't show up in the history.
    -----------replaceform.html---------------------------------------------
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
    <TITLE>Form page</TITLE>
    <script>
          function replaceURL(url){
                document.location.replace(url);
          }
    </script>
    </HEAD>

    <BODY>
    <iframe id="submitform" name="submitform" width="100%" height="30" style="display:none"></iframe>
    <form action="./submitreturn.jsp" method="post" target="submitform" >
    <input type="text" name="data" value="">
    <input  type="submit"  value="GO">
    </form>
    </BODY>
    </HTML>
    -----------submitreturn.jsp---------------------------------------------
    <HTML>
    <HEAD>
    <TITLE> Submitted </TITLE>
    </HEAD>
    <BODY onload="parent.replaceURL('./thankyou.jsp')">
    </BODY>
    </HTML>
    -----------thankyou.jsp---------------------------------------------
    <HTML>
    <HEAD>
    <TITLE>Thankyou</TITLE>
    </HEAD>
    <BODY>thankyou</BODY>
    </HTML>
    0
     

    Author Comment

    by:member_october
    Hi gunt and siliconeagle ,

    Here,my form's action would be an Action class ( i am using struts) and so I think  if I got your code right ,it would not serve the purpose.

    Whats happening is, if  I register using Account#1,email#1 ,password and zipcode#1(a unique userid#1 is generated and I am successfully logged on(auto login) ,then I click on Browser Back or type in the url of the page (its not a jsp a .do) , Enter Account#2,email#2 ,password and zipcode#1.(no user-id is created). If I logout and logon with userid#1 ,the 2 accounts are displayed .

    are the session attributes not set?if then how is the Account#2 being taken?
    0
     
    LVL 3

    Accepted Solution

    by:
    When the user logs in, a userId is stored by you in the session. Your action might look like:
    - Check account data (username, password, email, etc)
    - If correct, generate userId, and store it in the user session. Then, forward to first page.
    - If incorrect, goto error page

    I suggest this:
    - Check if the session has a userId stored
    - If it has, then forward to error page (already logged in)
    - If it hasn't, continue:
    - Check account data (username, password, email, etc)
    - If correct, generate userId, and store it in the user session. Then, forward to first page.
    - If incorrect, goto error page

    Wouldn't this work for you?

    Also, there's is a pattern that helps you control flow:
    http://www.javaworld.com/javaworld/javatips/jw-javatip136.html
    It's to avoid double form submision, but it's useful to check that the user didn't submit a form with a back button:
    Basically, you store a token (a number for instance) in every JSP (generated by the action before forward, you set a hidden field with the token). You also store in the session the token. When the user submits, you check that the form he submited has the same token as the form he was supposed to submit (with the token in the session).
    0
     

    Author Comment

    by:member_october
    Gunt,

    Thanks for the info..from what i had asked this is correct.
    I had another trouble which I have posted in Java section.

    In case you are can find the rootcause for the problem.
    http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21186722.html#12438772
    0
     
    LVL 3

    Expert Comment

    by:Gunt
    Thanks, I'll try to help you further there.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Suggested Solutions

    Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
    Read about why website design really matters in today's demanding market.
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles al…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    875 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now