I am too interested how we can do this.
Oftent he problem is that after logout, if user clicks back in the browser and is able to see content, this is not expected. there will be many advantages if we can disable back button especially when we require it.
Cache control:
one of the best and easiest way to handle issues popup because of clicking back button is to set no cache for the pages.
setting no cache:
You can use client-side code to force the user's browser to not cache a Web page.
<html>
<head>
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
</head>
There are a couple things to keep in mind when using the above method to force a browser to not
cache a Web page:
Pragma: no-cache
prevents caching only when used over a secure connection.
APragma: no-cache
META tag is treated identically toExpires: -1
if used in a
non-secure page. The page will be cached but marked as immediately expired.Cache-Control
METAHTTP-EQUIV
tags are ignored and have no effect in Internet
Explorer versions 4 or 5.
You can use both in your code. I tried this but this was not the solution because it did not work in all the
browsers so I guess if one had an intranet environment where there was some control in place then they could
use this method.
Javascript
My next area of research focused on the various rewiring the back button suggestions. An article by TJ
Sylvester, Rewiring the Back Button, makes interesting reading but I
noticed that when one clicks back it does not indeed take you to the page you entered the data but if I
clicked back twice it does and we would not want that too. Basically a determined user could always figure
out a way to circumvent the preventative measures.
Another way to "disable the back button" is to use client-side JavaScript code to open a new window that
doesn't have the toolbar. (This makes it harder (not impossible) for the user to go back to the previous
page.)
Another, more failsafe approach (although quite annoying) is, when a form is submitted, to open a new window
and close the window that the form existed in. I didn't give this method serious thought because
I would not like my site opening up a new window everytime a user submitted a form.
Next I examined the possibility of adding client-side JavaScript code on the page that we do not want to let
the user return to. Such JavaScript code could be used to have the effect of hitting the forward button, which would
counter any action by a user clicking the back button. The JavaScript code to accomplish this can be seen below:
|
Again this is workable but it is far from the best way.
I was then given the suggestion to use location.replace
to navigate form one page to another.
What this does is it replaces the current history entry with the new page so only one page will be maintained
in the history and the back button will never get enabled. This is, I guess, what a lot of people are looking
for, but again this would not be the best answer in all cases.
For one thing you will have to use client side script for this. For an anchor tag this will be easy by just
using:
|
The above technique has its disadvantages: simply using Response.Redirect
will not work, since,
each time a user jumps from one page to another, you need to clear out the location.history
field
through client-side code. Also, keep in mind that this will just remove the last history entry, not all
of them. Go ahead and click the above hyperlink, you will be taken to a simple HTML page. Try clicking the back button
and you will notice you will be taken to the page you were visiting before you came to this page! (Assuming,
of course, you have client-side JavaScript code enabled in your browser.)
After my exhaustive search I found that there is still no way of truly disabling the back button for all cases.
All the methods I discussed in this article will, with varying degrees of success, prevent the
user from viewing the previous page, but they, of course, all have their limitations. The best solution involves
a mixture of both client-side and server-side script; regardless, there is no way to completely disable the back
button
JSP
%
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
%>
ASP.NET
Response.CacheControl = "no-cache";
Proxy Server Caching-
Response.CacheControl = "private";
It disables the proxy server caching and page is cached on local machine.
Response.CacheControl = "public";
Proxy server cache is enabled.
Users request pages from a local server instead of direct from the source.