Frank Starsinic wrote:
> Are there standard techniques for preventing a user from using the back button
> in the
> browser and modifying and re-submitting a form? This issue has caused us serious
> problems
> in the past and we are wondering how other people handle this.
> i'm not so sure we should be worried about the Back Button as much as how to
> handle the situation if someone did try that by mistake.
>
> i guess not caching the page could be one quasi-solution? but what other
> techniques are used?
>
One thing I do that helps avoid this problem (but certainly doesn't eliminate it)
is to open my JSP-based app in a new window that does not have back buttons,
location bars, or any of that stuff. Visually, it looks much more like a standard
GUI application when you do this, so users are more likely to "get it" that this is
a transactional application system, not a browsable web site. Of course, this
still doesn't foil the savvy users that know about the right mouse menu or the
keyboard shortcuts ...
Also, it's possible that continued use of the "Back" button by users might be an
indicator that some additional navigational controls would be useful in the user
interface.
>
> what about something in the session that indicates that the page has been
> processed already??
>
This is a much better solution -- your app knows what stage of processing it is
expecting next, so it can reject input that comes in out of sequence.
>
> we also have concerns about a user bringing up 2 different browsers at the same
> time OR 2 browser windows and working on seperate parts of the app at the same
> time.
>
This is a valid concern, because often the two windows will share the same
servlet/JSP session. State management checking, as you proposed above, will help
here. In addition, since I'm opening my app in a new window, I specified a
particular target window name, so that the user cannot open the app more than once.
>
> our app is heavily workflow intensive and these issues have caused problems in
> the past.
>
As browser-based applications start to proliferate, all developers need to
continually educate users to use ONLY the navigation controls provided by the apps,
instead of surfing and bookmarking the usual way (unless your app is smart enough
to deal with the real life behavior under all circumstances).
>
> thanks,
>
> frank
>
Craig McClanahan
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff JSP-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
For JSP FAQ, http://www.esperanto.org.nz/jsp/jspfaq.html
