I remember an online banking app I used a few years back would open in a chromeless window with headers stating "do not click back or stop"!... (scary)
-----Original Message----- From: apachep2 [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 23:15 To: 'Struts Users Mailing List' Subject: RE: The Back button on on multi-page forms ?????? Does IRS give me a chance hitting Back, re-filing last year's tax form and re-submitting it? :) -----Original Message----- From: Bueno Carlos M [mailto:[EMAIL PROTECTED] Sent: March 10, 2003 10:27 PM To: 'Struts Users Mailing List' Subject: RE: The Back button on on multi-page forms ?????? I may be way off here, but how about coding defensively? This isn't some special java-struts problem; it's the price of maintaining the illusion of a session over HTTP. Form tokens are a good idea but the user can and will click that pesky back button to change what they inputted. One of two things will happen: the browser calls up the form from cache and fills in the values or it makes a new HTTP request, which will give them a blank form. Since they have already submitted once, you have that data somewhere. So.... populate the dang form if the data exists. Simple? Simple. It doesn't have to be complicated. A properly-built state machine (ie, your session or action code) should ignore input that can corrupt its internals. Check the state you are about to change -- if it's already changed, go to the next step, merge it or whatever is the Right Thing To Do. If you app is so fragile that someone clicking ye olde back button will mess things up you should look for ways to improve and simplify your design, not some clever client hack. My reasoning is this: as soon as you plug one hole another will open up. Say you disable the back button. What happens if the user clicks submit twice? What happens if they press CTRL-N and now have two windows with the same session? 1. Users will always do what you don't expect. 2. The average user is pretty dumb. 3. Half of all users are even dumber than *that*. 4. Browsers work for them, not for you. -- los -----Original Message----- From: Andrew Hill [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 9:39 PM To: Struts Users Mailing List Subject: RE: The Back button on on multi-page forms ?????? <snip> Remember that the back button does not contact the server </snip> Some do sometimes - but Im not sure under what cicumstances - probably depends on what sort of caching setting you have set up in your browser - and what browser it is - and the alignment of neptune and saturn etc.. (ie: nothing you can rely on server side). Ive seen it happen. At the moment Im using the evil javascript location.replace trick to avoid pages going into the history where possible. People who hit the back button end up back on the login page... I really wanted to give them an electric shock to help the "back is bad" concept sink in properly, but alas! - the hardware isnt in place to administer this form of 'interactive user training' :-( -----Original Message----- From: David Graham [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 06:17 To: [EMAIL PROTECTED] Subject: RE: The Back button on on multi-page forms ?????? Then that is a browser specific issue. When I hit the back button in Opera, all of the form fields are just how I entered them. Remember that the back button does not contact the server so Struts has nothing to do with this. David >From: "Ron Day" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >Subject: RE: The Back button on on multi-page forms ?????? >Date: Mon, 10 Mar 2003 16:08:10 -0600 > >sorry, I think we are going in circles..... > >This is a multipage form (3 to be exact but with only one actionform), BUT >my whole original issue was: > >When they hit the back button the original form content IS either absent or >different to their last entries (I do a reset in the actionform0. > >Am I doing something wrong or is this a fact of life with the back button. > >ron > >-----Original Message----- >From: David Graham [mailto:[EMAIL PROTECTED] >Sent: Monday, March 10, 2003 3:49 PM >To: [EMAIL PROTECTED] >Subject: RE: The Back button on on multi-page forms ?????? > > >If this is a multi-page form, then don't use tokens and let them use the >back button to correct the data. If it's a single page form, use tokens >and >provide an update form where they can correct any mistakes they made on the >add form. The difference is that the multi-page form will be accumulating >data in the session rather than immediately inserting it in the database. > >David > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > >Subject: RE: The Back button on on multi-page forms ?????? > >Date: Mon, 10 Mar 2003 15:36:25 -0600 > > > >I completely understand your example and how validation works..... > > > >In my example, the error is not a validation error, it is a user error >(as > >my example said a wrong phone number) > >Say he/she typed in a home phone number and wants to go back and change >it > >to his work phone. > >The user instinctively will hit the back button. > >That's where my problem starts.......... > > > >ron > > > >-----Original Message----- > >From: David Graham [mailto:[EMAIL PROTECTED] > >Sent: Monday, March 10, 2003 3:27 PM > >To: [EMAIL PROTECTED] > >Subject: RE: The Back button on on multi-page forms ?????? > > > > > >1. User submits form with invalid data. > >2. Form bean's validate() method returns ActionErrors > >3. Struts *forwards* the request back to the input page with errors > >4. Input page displays errors. > >5. User submits form again, if invalid goto step 1. > > > >There is no valid reason for the user to use the back button to correct > >data. Tokens prevent the user from submitting the same form twice. > > > >David > > > > > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > >Subject: RE: The Back button on on multi-page forms ?????? > > >Date: Mon, 10 Mar 2003 15:07:40 -0600 > > > > > >So, how can they correct a user error (i.e wrong phone number) on the > > >previous page, and resubmit the form? > > > > > >R > > > > > >-----Original Message----- > > >From: David Graham [mailto:[EMAIL PROTECTED] > > >Sent: Monday, March 10, 2003 3:01 PM > > >To: [EMAIL PROTECTED] > > >Subject: RE: The Back button on on multi-page forms ?????? > > > > > > > > >Pressing the back button does not contact the server and thus cannot >post > > >any information. When the user submits the form again, their token >will > >be > > >invalid and your action will prevent a duplicate post. > > > > > >David > > > > > > > > > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > > >Reply-To: "Struts Users Mailing List" ><[EMAIL PROTECTED]> > > > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > > >Subject: RE: The Back button on on multi-page forms ?????? > > > >Date: Mon, 10 Mar 2003 14:40:43 -0600 > > > > > > > >Maybe I'm dumb, but it is not apparent to me how the "token" is used >to > > > >make > > > >the back button post the correct form information. > > > > > > > >R > > > > > > > >-----Original Message----- > > > >From: David Graham [mailto:[EMAIL PROTECTED] > > > >Sent: Monday, March 10, 2003 12:48 PM > > > >To: [EMAIL PROTECTED] > > > >Subject: RE: The Back button on on multi-page forms ?????? > > > > > > > > > > > >You'll notice that I also pointed you to the struts-example app that > > >shows > > > >you how to use the methods you found in the javadoc. > > > > > > > >David > > > > > > > > > > > > > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > > > >Reply-To: "Struts Users Mailing List" > ><[EMAIL PROTECTED]> > > > > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > > > >Subject: RE: The Back button on on multi-page forms ?????? > > > > >Date: Mon, 10 Mar 2003 12:39:51 -0600 > > > > > > > > > >Khalid > > > > > > > > > >I will share anything I find. > > > > > > > > > >Have not got too much help so far..... > > > > > > > > > >I am digging into the "tokens" > > > > > > > > > >Javadoc does not say much !! > > > > > > > > > >Ron > > > > > > > > > >-----Original Message----- > > > > >From: Khalid K. [mailto:[EMAIL PROTECTED] > > > > >Sent: Monday, March 10, 2003 12:25 PM > > > > >To: [EMAIL PROTECTED] > > > > >Subject: Re: The Back button on on multi-page forms ?????? > > > > > > > > > > > > > > >Hello Ron, > > > > > > > > > >We have an application that has the same problem. if you got the > >"back" > > > > >button issue resloved, could you please share the code sample ?? > > > > >I checked the java doc, and it looks like "isValidToken" is in 1.1, > >and > > > >not > > > > >in 1.0.2. > > > > > > > > > >Thanks! > > > > > > > > > >Khalid > > > > > > > > > >----- Original Message ----- > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > > > >To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > > > >Sent: Monday, March 10, 2003 10:14 AM > > > > >Subject: RE: The Back button on on multi-page forms > > > > > > > > > > > > > > > > I get the picture....thanks anyway. > > > > > > > > > > > > -----Original Message----- > > > > > > From: David Graham [mailto:[EMAIL PROTECTED] > > > > > > Sent: Monday, March 10, 2003 12:04 PM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: RE: The Back button on on multi-page forms > > > > > > > > > > > > > > > > > > See the Action class' javadoc for details. > > > > > > > > > > > > David > > > > > > > > > > > > > > > > > > > > > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > > > > > >Reply-To: "Struts Users Mailing List" > > > ><[EMAIL PROTECTED]> > > > > > > >To: "Struts Users Mailing List" ><[EMAIL PROTECTED]> > > > > > > >Subject: RE: The Back button on on multi-page forms > > > > > > >Date: Mon, 10 Mar 2003 11:54:32 -0600 > > > > > > > > > > > > > >Thanks for the tip on tokens.... > > > > > > > > > > > > > >I'm not familiar (yet) with tokens. > > > > > > >Are these new in 1.1 or have they always been there..... I have > >to > > > >use > > > > > > >Struts 1.0. > > > > > > > > > > > > > >Ron > > > > > > > > > > > > > >-----Original Message----- > > > > > > >From: David Graham [mailto:[EMAIL PROTECTED] > > > > > > >Sent: Monday, March 10, 2003 10:24 AM > > > > > > >To: [EMAIL PROTECTED] > > > > > > >Subject: Re: The Back button on on multi-page forms > > > > > > > > > > > > > > > > > > > > >See the Action class' javadoc for the token methods and the > > > > >struts-example > > > > > > >app for how to use them. > > > > > > > > > > > > > >David > > > > > > > > > > > > > > > > > > > > > > > > > > > > >From: "Ron Day" <[EMAIL PROTECTED]> > > > > > > > >Reply-To: "Struts Users Mailing List" > > > > ><[EMAIL PROTECTED]> > > > > > > > >To: "Struts Users Mailing List" > ><[EMAIL PROTECTED]> > > > > > > > >Subject: The Back button on on multi-page forms > > > > > > > >Date: Mon, 10 Mar 2003 10:05:16 -0600 > > > > > > > > > > > > > > > >Anyone have any ideas or best practises on how to handle the > >use > > > > > > >(mis-use) > > > > > > > >of the browser back button on multi-page forms. > > > > > > > > > > > > > > > >My forms work fine and validate Ok, but if the back button is > > >used > > > > >the > > > > > > > >forms > > > > > > > >are not re-populated properly. In particular anything that >was > >in > > > >the > > > > > > > >reset, > > > > > > > >seems to be used when the form appears after the back button >is > > > >used. > > > > > > > > > > > > > > > >ron > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > > > > >To unsubscribe, e-mail: > > >[EMAIL PROTECTED] > > > > > > > >For additional commands, e-mail: > > > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > >_________________________________________________________________ > > > > > > >Add photos to your messages with MSN 8. Get 2 months FREE*. > > > > > > >http://join.msn.com/?page=features/featuredemail > > > > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > > > >To unsubscribe, e-mail: > >[EMAIL PROTECTED] > > > > > > >For additional commands, e-mail: > > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > > > >To unsubscribe, e-mail: > >[EMAIL PROTECTED] > > > > > > >For additional commands, e-mail: > > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > >_________________________________________________________________ > > > > > > MSN 8 with e-mail virus protection service: 2 months FREE* > > > > > > http://join.msn.com/?page=features/virus > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: >[EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: >[EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >--------------------------------------------------------------------- > > > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > >For additional commands, e-mail: >[EMAIL PROTECTED] > > > > > > > > > > > >_________________________________________________________________ > > > >MSN 8 with e-mail virus protection service: 2 months FREE* > > > >http://join.msn.com/?page=features/virus > > > > > > > > > > > >--------------------------------------------------------------------- > > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > >--------------------------------------------------------------------- > > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > >_________________________________________________________________ > > >Protect your PC - get McAfee.com VirusScan Online > > >http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > > > > > > > > >--------------------------------------------------------------------- > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > >--------------------------------------------------------------------- > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > >_________________________________________________________________ > >Help STOP SPAM with the new MSN 8 and get 2 months FREE* > >http://join.msn.com/?page=features/junkmail > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > >_________________________________________________________________ >The new MSN 8: smart spam protection and 2 months FREE* >http://join.msn.com/?page=features/junkmail > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
