• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2462
  • Last Modified:

How do I Diable the IE back button in Jscript

We have a serious problem assocated withe the IE Back button. We have developed a logout page that I set the following but it does not work.

<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>


The user can still use IE's back button to navigate the previous page with the data and submit the process again. Our users have complety rejected our work because of this.
I have searched through EE and tried all the solution but it DOES not work. As That is so important to us. This question is worth for more than 500 points.

Notes: we are using Jscript
see code logout.page

==========
<!-- static char rcsid[]="$Id: $";
-->
<%@LANGUAGE="JSCRIPT" %>
<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>

<%
var FSurname = Request("surname")
var FGName = Request("gname")
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<title>Employee Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
      color: #000000;
}
a:link {
      color: #000000;
}
a:visited {
      color: #000000;
}
a:hover {
      color: #FFFF00;
}
a:active {
      color: #000000;
}
.style8 {
      font-size: 18px;
      font-weight: bold;
}
.style9 {
      font-size: 18pt;
      font-weight: bold;
      color: #000066;
}
.style10 {color: #FF0000}
.style11 {
      color: #000000;
      font-style: italic;
}
.style12 {color: #000066; font-size: 18pt;}
.style13 {color: #FFFFFF}
-->
</style>

<script language="javascript">
     window.history.forward(1);
</script>

</head>
<form>
<BODY onLoad="if(history.length>0)history.go(+1)">
<div align="left">
  <table width="100%"  border="0">
    <tr>
      <td height="107" align="right" valign="top"><div align="left"></div></td>
      <td align="right" valign="top"><p><img src="Image/img_crm.jpg" width="386" height="87">
 
     
    </tr>
</table>

</font></td></tr></table>


  </font></td>
</tr></table>

<div align="center">
 </p>
 <p>&nbsp;</p>
 <p><span class="style9"><span class="style10">2000</span><span class="style11">Plus</span> </span><span class="style12">Employee Self Service</span>
  </p>
 <p>&nbsp;</p>
 <p>

<table width="60%"  border="0" align="center">
  <tr>
    <td align="center"><span class="style8">Thank you <%=FGName%>&nbsp;<%=FSurname%>!</span></td>
  </tr>
  <tr>
    <td align="left">&nbsp;</td>
  </tr>
  <tr>
    <td width="59%" align="left"><p>
      <STRONG>You have now left the secure areas of 2000Plus Employee Self Services.</STRONG></p>
      <!--p>Remember, you can easily log on again by attempting to access additional secure areas of the American Express website.</p-->
      <P>PLEASE NOTE: If you are leaving your computer unattended, exit your browser software.</P>
      <p>.
      </p></td>
  </tr>
</table>

</p>
</div>
</body>
</form>
</html>


===================== END===========================
Please help this is very urgent



0
paul_lau2828
Asked:
paul_lau2828
  • 5
  • 3
  • 3
  • +2
4 Solutions
 
aprestoCommented:
Put this in the page you dont want to be able to get back to:

<script>
history.forward()
</script>
0
 
aprestoCommented:
This will re-direct the person to the page they tried to go back from
0
 
TimYatesCommented:
It should be said however that disabling the back button is a bad idea.  It can be easily defeated by turning off javscript, or using a browser that doesn't support that "hack" (cos it is a javascript hack) ;-)

One thing you can do, is make sure that all your pages disable the cache, and put tokens onto your form posts so that if the token doesn't exist, the post gets ignored...

Basically, you have a page which redirects to the form page.  This page stores a token (the form name?) in the user's session.  When a form is posted, you first check to see if this token exists, and if not, reject the form...  If it does exist, process the form, and remove the token...

Also, the page that processes the form should redirect to the "thanks for that" page, so that the user can never press refresh (or navigate to) to form processing page...

It looks like you are using ASP though (and I use JSP/java), so I'll do a quick search for you, but I have no way of knowing if these resources are any good...

http://www.learnasp.com/learn/cachenomore.asp
http://forums.aspfree.com/printthread.php?t=23186
http://www.codeproject.com/useritems/SyncControl.asp?msg=799624

Good luck with it!!

Tim
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
eyeh8uCommented:
There is no way to disable the back button at all.

Some ideas include opening your site in a new window without the toolbar (toolbar=no;), however, Media keyboard back buttons still work, so does right click context menu.

The only thing you can do is expire the page:

Set the header of your pages to:
<%@ language=vbscript%>
<%Option explicit
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
%>

This will stop the page being cached, hitting back will give the user a "Content has expired, you must refresh" message. Refreshing should mean that your ASP page rejects them as being a logged out user.

See MSDN article Q234067
0
 
java_programmerCommented:
Hi,

This is what you need to do:

When the user logs on, you add a variable to your session called logged in, by default this value is set to false.

Whenever you access a page or do  any db work, you make sure that that variable is set. If the session has be invalidated / logged out, your logged_in variable will be false, and you redirect the user to a login page.

So now, when the user hits back, they will still see the same page, but soon as they press refresh, or submit, they will be redirected to a page telling them that their session has expired and to relogin...

Cheers,
Derek
0
 
TimYatesCommented:
> So now, when the user hits back, they will still see the same page, but soon as they press refresh, or submit, they will be redirected to a page telling them that their session has expired and to relogin...

So long as you put the cache headers in like me and eyeh8u suggested ;-)
0
 
java_programmerCommented:
Headers should not matter that much, since the redirect will happen server side ..... but it can't hurt! usually with dynamic web sites, you turn off caching. You can usually do that on the server, instead of modifying every page....
0
 
TimYatesCommented:
> since the redirect will happen server side

But if the page is cached in the browser, then no call will be made to the server ;-)

We're splitting hairs here though...  I think paul_lau2828  should have his solution by now :-)
0
 
paul_lau2828Author Commented:
Still does NOT WORK as I have tried to use the ways you guys suggested to me. I'm using IE Version 6.0

See code below
===========

<!-- static char rcsid[]="$Id: $";
-->
<%@LANGUAGE="JSCRIPT" %>
<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script language="javascript">
     window.history.forward(1);
</script>
<%
var FSurname = Request("surname")
var FGName = Request("gname")
%>
<title>Employee Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
      color: #000000;
}
a:link {
      color: #000000;
}
a:visited {
      color: #000000;
}
a:hover {
      color: #FFFF00;
}
a:active {
      color: #000000;
}
.style8 {
      font-size: 18px;
      font-weight: bold;
}
.style9 {
      font-size: 18pt;
      font-weight: bold;
      color: #000066;
}
.style10 {color: #FF0000}
.style11 {
      color: #000000;
      font-style: italic;
}
.style12 {color: #000066; font-size: 18pt;}
.style13 {color: #FFFFFF}
-->
</style>
</head>
<form>
<BODY onLoad="if(history.length>0)history.go(+1)">
<div align="left">
  <table width="100%"  border="0">
    <tr>
      <td height="107" align="right" valign="top"><div align="left"></div></td>
      <td align="right" valign="top"><p><img src="Image/img_crm.jpg" width="386" height="87">
 
     
    </tr>
</table>

</font></td></tr></table>


  </font></td>
</tr></table>

<div align="center">
 </p>
 <p>&nbsp;</p>
 <p><span class="style9"><span class="style10">2000</span><span class="style11">Plus</span> </span><span class="style12">Employee Self Service</span>
  </p>
 <p>&nbsp;</p>
 <p>

<table width="60%"  border="0" align="center">
  <tr>
    <td align="center"><span class="style8">Thank you <%=FGName%>&nbsp;<%=FSurname%>!</span></td>
  </tr>
  <tr>
    <td align="left">&nbsp;</td>
  </tr>
  <tr>
    <td width="59%" align="left"><p>
      <STRONG>You have now left the secure areas of 2000Plus Employee Self Services.</STRONG></p>
      <!--p>Remember, you can easily log on again by attempting to access additional secure areas of the American Express website.</p-->
      <P>PLEASE NOTE: If you are leaving your computer unattended, exit your browser software.</P>
      <p>.
      </p></td>
  </tr>
</table>

</p>
</div>
</body>
</form>
</html>


0
 
aprestoCommented:
<script language="javascript">
     window.history.forward(1);
</script>

change to

<script language="javascript">
     history.forward();
</script>

Do this work
0
 
TimYatesCommented:
That link repeats almost exactly what has been said here...

You can't (but there are some things you can do to make your webapp handle it better)
0
 
eyeh8uCommented:
@TimYates yeah, I know, but I thought it was a good article that covered all the ideas in one article, rather than seperate ideas in seperate articles. Handy reference.
0
 
TimYatesCommented:
Very true :-)
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 5
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now