How do I Diable the IE back button in Jscript

We have a serious problem assocated withe the IE Back button. We have developed a logout page that I set the following but it does not work.

<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>


The user can still use IE's back button to navigate the previous page with the data and submit the process again. Our users have complety rejected our work because of this.
I have searched through EE and tried all the solution but it DOES not work. As That is so important to us. This question is worth for more than 500 points.

Notes: we are using Jscript
see code logout.page

==========
<!-- static char rcsid[]="$Id: $";
-->
<%@LANGUAGE="JSCRIPT" %>
<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>

<%
var FSurname = Request("surname")
var FGName = Request("gname")
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<title>Employee Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
      color: #000000;
}
a:link {
      color: #000000;
}
a:visited {
      color: #000000;
}
a:hover {
      color: #FFFF00;
}
a:active {
      color: #000000;
}
.style8 {
      font-size: 18px;
      font-weight: bold;
}
.style9 {
      font-size: 18pt;
      font-weight: bold;
      color: #000066;
}
.style10 {color: #FF0000}
.style11 {
      color: #000000;
      font-style: italic;
}
.style12 {color: #000066; font-size: 18pt;}
.style13 {color: #FFFFFF}
-->
</style>

<script language="javascript">
     window.history.forward(1);
</script>

</head>
<form>
<BODY onLoad="if(history.length>0)history.go(+1)">
<div align="left">
  <table width="100%"  border="0">
    <tr>
      <td height="107" align="right" valign="top"><div align="left"></div></td>
      <td align="right" valign="top"><p><img src="Image/img_crm.jpg" width="386" height="87">
 
     
    </tr>
</table>

</font></td></tr></table>


  </font></td>
</tr></table>

<div align="center">
 </p>
 <p>&nbsp;</p>
 <p><span class="style9"><span class="style10">2000</span><span class="style11">Plus</span> </span><span class="style12">Employee Self Service</span>
  </p>
 <p>&nbsp;</p>
 <p>

<table width="60%"  border="0" align="center">
  <tr>
    <td align="center"><span class="style8">Thank you <%=FGName%>&nbsp;<%=FSurname%>!</span></td>
  </tr>
  <tr>
    <td align="left">&nbsp;</td>
  </tr>
  <tr>
    <td width="59%" align="left"><p>
      <STRONG>You have now left the secure areas of 2000Plus Employee Self Services.</STRONG></p>
      <!--p>Remember, you can easily log on again by attempting to access additional secure areas of the American Express website.</p-->
      <P>PLEASE NOTE: If you are leaving your computer unattended, exit your browser software.</P>
      <p>.
      </p></td>
  </tr>
</table>

</p>
</div>
</body>
</form>
</html>


===================== END===========================
Please help this is very urgent



paul_lau2828Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aprestoCommented:
Put this in the page you dont want to be able to get back to:

<script>
history.forward()
</script>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
aprestoCommented:
This will re-direct the person to the page they tried to go back from
0
TimYatesCommented:
It should be said however that disabling the back button is a bad idea.  It can be easily defeated by turning off javscript, or using a browser that doesn't support that "hack" (cos it is a javascript hack) ;-)

One thing you can do, is make sure that all your pages disable the cache, and put tokens onto your form posts so that if the token doesn't exist, the post gets ignored...

Basically, you have a page which redirects to the form page.  This page stores a token (the form name?) in the user's session.  When a form is posted, you first check to see if this token exists, and if not, reject the form...  If it does exist, process the form, and remove the token...

Also, the page that processes the form should redirect to the "thanks for that" page, so that the user can never press refresh (or navigate to) to form processing page...

It looks like you are using ASP though (and I use JSP/java), so I'll do a quick search for you, but I have no way of knowing if these resources are any good...

http://www.learnasp.com/learn/cachenomore.asp
http://forums.aspfree.com/printthread.php?t=23186
http://www.codeproject.com/useritems/SyncControl.asp?msg=799624

Good luck with it!!

Tim
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

eyeh8uCommented:
There is no way to disable the back button at all.

Some ideas include opening your site in a new window without the toolbar (toolbar=no;), however, Media keyboard back buttons still work, so does right click context menu.

The only thing you can do is expire the page:

Set the header of your pages to:
<%@ language=vbscript%>
<%Option explicit
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
%>

This will stop the page being cached, hitting back will give the user a "Content has expired, you must refresh" message. Refreshing should mean that your ASP page rejects them as being a logged out user.

See MSDN article Q234067
0
java_programmerCommented:
Hi,

This is what you need to do:

When the user logs on, you add a variable to your session called logged in, by default this value is set to false.

Whenever you access a page or do  any db work, you make sure that that variable is set. If the session has be invalidated / logged out, your logged_in variable will be false, and you redirect the user to a login page.

So now, when the user hits back, they will still see the same page, but soon as they press refresh, or submit, they will be redirected to a page telling them that their session has expired and to relogin...

Cheers,
Derek
0
TimYatesCommented:
> So now, when the user hits back, they will still see the same page, but soon as they press refresh, or submit, they will be redirected to a page telling them that their session has expired and to relogin...

So long as you put the cache headers in like me and eyeh8u suggested ;-)
0
java_programmerCommented:
Headers should not matter that much, since the redirect will happen server side ..... but it can't hurt! usually with dynamic web sites, you turn off caching. You can usually do that on the server, instead of modifying every page....
0
TimYatesCommented:
> since the redirect will happen server side

But if the page is cached in the browser, then no call will be made to the server ;-)

We're splitting hairs here though...  I think paul_lau2828  should have his solution by now :-)
0
paul_lau2828Author Commented:
Still does NOT WORK as I have tried to use the ways you guys suggested to me. I'm using IE Version 6.0

See code below
===========

<!-- static char rcsid[]="$Id: $";
-->
<%@LANGUAGE="JSCRIPT" %>
<%
Session("MM_2000Connect_STRING") = ""
Session.Abandon()
Response.CacheControl = "no-cache"
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script language="javascript">
     window.history.forward(1);
</script>
<%
var FSurname = Request("surname")
var FGName = Request("gname")
%>
<title>Employee Management</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
body,td,th {
      font-family: Arial, Helvetica, sans-serif;
      font-size: 12px;
      color: #000000;
}
a:link {
      color: #000000;
}
a:visited {
      color: #000000;
}
a:hover {
      color: #FFFF00;
}
a:active {
      color: #000000;
}
.style8 {
      font-size: 18px;
      font-weight: bold;
}
.style9 {
      font-size: 18pt;
      font-weight: bold;
      color: #000066;
}
.style10 {color: #FF0000}
.style11 {
      color: #000000;
      font-style: italic;
}
.style12 {color: #000066; font-size: 18pt;}
.style13 {color: #FFFFFF}
-->
</style>
</head>
<form>
<BODY onLoad="if(history.length>0)history.go(+1)">
<div align="left">
  <table width="100%"  border="0">
    <tr>
      <td height="107" align="right" valign="top"><div align="left"></div></td>
      <td align="right" valign="top"><p><img src="Image/img_crm.jpg" width="386" height="87">
 
     
    </tr>
</table>

</font></td></tr></table>


  </font></td>
</tr></table>

<div align="center">
 </p>
 <p>&nbsp;</p>
 <p><span class="style9"><span class="style10">2000</span><span class="style11">Plus</span> </span><span class="style12">Employee Self Service</span>
  </p>
 <p>&nbsp;</p>
 <p>

<table width="60%"  border="0" align="center">
  <tr>
    <td align="center"><span class="style8">Thank you <%=FGName%>&nbsp;<%=FSurname%>!</span></td>
  </tr>
  <tr>
    <td align="left">&nbsp;</td>
  </tr>
  <tr>
    <td width="59%" align="left"><p>
      <STRONG>You have now left the secure areas of 2000Plus Employee Self Services.</STRONG></p>
      <!--p>Remember, you can easily log on again by attempting to access additional secure areas of the American Express website.</p-->
      <P>PLEASE NOTE: If you are leaving your computer unattended, exit your browser software.</P>
      <p>.
      </p></td>
  </tr>
</table>

</p>
</div>
</body>
</form>
</html>


0
aprestoCommented:
<script language="javascript">
     window.history.forward(1);
</script>

change to

<script language="javascript">
     history.forward();
</script>

Do this work
0
TimYatesCommented:
That link repeats almost exactly what has been said here...

You can't (but there are some things you can do to make your webapp handle it better)
0
eyeh8uCommented:
@TimYates yeah, I know, but I thought it was a good article that covered all the ideas in one article, rather than seperate ideas in seperate articles. Handy reference.
0
TimYatesCommented:
Very true :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Fonts Typography

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.