Yes. With server-side tokens we solve the Back button's problem. But I see it as a *fix* after wrong actions from end users. It is now clear that this is a challenging problem to close the door at client-sides to possible wrong actions.
When a user watches movies using a VCR, if the user touches a wrong button by accident and the VCR gives a message like "You have to replay the move from the beginning" Would people consider the interface of the VCR good? Could the VCR be improved to ignore irrelevant button's actions? I believe we will have answers. Jing ----- Original Message ----- From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, September 03, 2003 5:18 PM Subject: Re: Is there a way to disable the browser's Back button without sending an http request? > Hi Jing, > surely it is possible to solve your state problems with server-side > checks? Each page can set a control mechanism with a value in the user's > session when the page is displayed. Any submission from any page in your > wizard app is either allowed or disallowed by referencing the info > stored in the session. > > Adam > > On 09/03/2003 08:28 PM Jing Zhou wrote: > > We use the "POST" method for almost every web form in > > wizard like applications with the internal forwarding mechanism. > > If the browser's Back button could be disabled for the next page, > > all bad things that destroy application states will be gone. > > Token mechanism had been carefully examined. But I am wondering > > if we have a better solution than tokens... > > > > I just discovered a way that allows me to nullify the Back button > > without sending http requests (enabled but doing nothing if clicked). > > But it works only on IE 5.0. I am looking for the reasons on IE 6.0 now. > > > > Our experiments show using history.forward() or > > history.forward(1) would not work for me. The Back button > > behaves as expected. > > > > Jing > > Netspread Carrier > > http://www.netspread.com > > > > ----- Original Message ----- > > From: "iguane183" <[EMAIL PROTECTED]> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > Sent: Wednesday, September 03, 2003 8:59 AM > > Subject: RE: Is there a way to disable the browser's Back button without > > sending an http request? > > > > > > > >>Maybe you could go from page to page with <form method="post" >. > >>the browser will have to sent the request again (because "the page has > >>expired") > >>and then you can verify with a token what is happening. > >> > >>Gabriel K. > >> > >> > >>At 21:44 03/09/2003 +0800, you wrote: > >> > >>>Not if your browser sends a new request for the previous page instead of > >>>using its cache, and that page crashes since the objects its expecting in > >>>various contexts arent there anymore... > >>> > >>>-----Original Message----- > >>>From: Brian Lee [mailto:[EMAIL PROTECTED] > >>>Sent: Wednesday, 3 September 2003 21:37 > >>>To: [EMAIL PROTECTED] > >>>Subject: RE: Is there a way to disable the browser's Back button without > >>>sending an http request? > >>> > >>> > >>>You can also include a line like this in each jsp: > >>>window.history.forward(1); > >>> > >>>This will effectively negate the back button. > >>> > >>>BAL > >>> > >>> > >>>>From: "Mark Galbreath" <[EMAIL PROTECTED]>>To: "Struts Users > > > > Mailing > > > >>>>List" <[EMAIL PROTECTED]>, "Jing Zhou" > > > > <[EMAIL PROTECTED]> > > > >>>>Subject: RE: Is there a way to disable the browser's Back button > > > > without > > > >>>>sending an http request? > >>>>Date: Wed, 3 Sep 2003 07:15:31 -0400 > >>>> > >>>>Set a token in request scope and use Struts logic tags to test is > > > > presence > > > >>>>and value, then forward or not. Simple. > >>>> > >>>>Mark > >>>> > >>>>-----Original Message----- > >>>>From: Jing Zhou [mailto:[EMAIL PROTECTED] > >>>>Sent: Tuesday, September 02, 2003 11:53 PM > >>>>To: Struts Users Mailing List > >>>>Subject: Is there a way to disable the browser's Back button without > >>>>sending an http request? > >>>> > >>>> > >>>>It looks to me the answer is NO, although we could use Java script > >>>>location.replace('url'). But the statement sends out an http request. > >>>> > >>>>I would like to know if there is a different answer to it. > >>>> > >>>>Jing > >>>>Netspread Carrier > >>>>http://www.netspread.com > >>>> > >>>> > >>>> > >>>> > >>>>--------------------------------------------------------------------- > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>> > >>>_________________________________________________________________ > >>>MSN 8: Get 6 months for $9.95/month. > > > > http://join.msn.com/?page=dept/dialup > > > >>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > struts 1.1 + tomcat 4.1.27 + java 1.4.2 > Linux 2.4.20 RH9 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]