Hi Shekher, all my testing was under SSL connection. So without pragma and cache control it's not working - sadly.
Best greetings, Paweł Wielgus. 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>: > Hi Paweł, > > another way we can do this by using SSL > as we are dealing in secure zone so using SSL for this might be a good case. > > the application i have seen so far who have dealt with this back/forward > button always using HTTPS protocol. > > i am also diving in to this case study and will share the results > > > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote: >> >> one of the banking application site which i tested today >> >> when user get logged off from and try to hit the back button he will be >> shown a different page >> instead the one in the cache >> so i am also loking in to this aspect. >> >> >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote: >>> >>> using javascript is not a sure short solution >>> as i tested it throughly and javascript behaviour is not consistent >>> throught >>> >>> regarding setting header i did this i developed a custom interceptor which >>> is doing this >>> >>> but again its not worked as expected. >>> i am still clueless how online banking application doing this trick >>> >>> i am still on R&D mode for this if find anything will share it >>> >>> >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote: >>>> >>>> Hi Ehtesham, >>>> it was said before on this thread that user can simply turn of >>>> javascript whenever he wants, >>>> thats why i was looking for more server controlled solution. But thank >>>> You for pointing it out, You made me to add it to my blog post. >>>> >>>> Best greetings, >>>> Paweł Wielgus. >>>> >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>: >>>> > >>>> > >>>> > >>>> > Hi, >>>> > >>>> > I am not that much expert I I used the following javascript code before >>>> in each page and it workded fine. >>>> > >>>> > >>>> > <script language="JavaScript"> >>>> > var x=window.history.length; >>>> > if (window.history[x]!=window.location) >>>> > { >>>> > window.history.forward(); >>>> > } >>>> > </script> >>>> > >>>> > If it work for you I will be very happy. >>>> > >>>> > Thank you. >>>> > >>>> > -Ehtesham >>>> > >>>> > >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote: >>>> > >>>> > From: Paweł Wielgus <poulw...@gmail.com> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2 >>>> > To: "Struts Users Mailing List" <user@struts.apache.org> >>>> > Date: Thursday, January 22, 2009, 12:34 AM >>>> > >>>> > Hi Shekher, >>>> > it was very interesting subject, so i dig a little more. >>>> > Here [1] is what i found, with some tests. >>>> > Basicly it turns out that You should add headers in page and to >>>> response. >>>> > >>>> > [1] - >>>> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html >>>> > >>>> > Best greetings, >>>> > Paweł Wielgus. >>>> > >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>: >>>> >> Is it possible that either i should only put these header in the >>>> logout >>>> >> action >>>> >> >>>> >> where i am removing the session and den redirecting the user to index >>>> page >>>> >> something like this >>>> >> >>>> >> HttpServletResponse response=null; >>>> >> response=ServletActionContext.getResponse(); >>>> >> >>>> >> response.setHeader("Pragma", "no-cache"); >>>> >> response.setHeader("Cache-Control", "no-cache"); >>>> >> response.setHeader("Expires", "0"); >>>> >> >>>> >> or can we create a interceptor which can do this for all the request >>>> wheer >>>> >> we want this feature?? >>>> >> >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com> >>>> >> >>>> >>> i tried using setting the eader values but they are not working as >>>> expected >>>> >>> i can even >>>> >>> >>>> >>> go and move back using broswer back button. >>>> >>> >>>> >>> if i will find anything helpfull will share with you >>>> >>> till then hard luck >>>> >>> :) >>>> >>> >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com> >>>> >>> >>>> >>> Hi Shekher, >>>> >>>> what i meant is that it can be done from server side. >>>> >>>> Check for example Your e-banking application, i did it on mine :-). >>>> >>>> There, when You press back button browser won't serve You cached >>>> page >>>> >>>> but ask server for fresh one - this is controlled with content-cache >>>> >>>> and pragma, but i can't be more helpfull to You here because i >>>> haven't >>>> >>>> done it before. >>>> >>>> >>>> >>>> Best greetings, >>>> >>>> Paweł Wielgus. >>>> >>>> >>>> >>>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>: >>>> >>>> > Hi Paweł, >>>> >>>> > >>>> >>>> > thats true it only send request to server if i will refresh the >>>> page >>>> >>>> and >>>> >>>> > for that i have already custom interceptor places which is >>>> checking the >>>> >>>> user >>>> >>>> > object in session in order to confirm that the request is from >>>> >>>> authorized >>>> >>>> > user >>>> >>>> > >>>> >>>> > but when i make use of back button it serve the page from the >>>> local >>>> >>>> > chache,so the problem is related to client side more than that of >>>> server >>>> >>>> > handling >>>> >>>> > >>>> >>>> > still trying to find a firm solution for it >>>> >>>> > >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com> >>>> >>>> > >>>> >>>> >> Hi Shekher, >>>> >>>> >> first try this scenario: >>>> >>>> >> 1. logout user >>>> >>>> >> 2. back button - check for logs if action was fired >>>> >>>> >> 3. refresh page - check for logs if action was fired >>>> >>>> >> Most likely only the 3. will fire action because browser will >>>> serve >>>> >>>> >> cached version of that page. >>>> >>>> >> I was about to write that to deal with it You can use https >>>> scheme, >>>> >>>> >> but i just got it checked and it's not true. So maybe using >>>> pragma and >>>> >>>> >> or cache-control will do? >>>> >>>> >> >>>> >>>> >> Still user can disable javascript so solution with script might >>>> not >>>> >>>> work. >>>> >>>> >> If You find out anything more please let us know. >>>> >>>> >> >>>> >>>> >> Best greetings, >>>> >>>> >> Paweł Wielgus. >>>> >>>> >> >>>> >>>> >> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>: >>>> >>>> >> > You don't write if the browser back button is supposed to be >>>> >>>> functional >>>> >>>> >> in >>>> >>>> >> > your application (in many cases it is not, but YMMV). >>>> >>>> >> > >>>> >>>> >> > If you want to disable the browser back button, use the code >>>> below in >>>> >>>> all >>>> >>>> >> > your pages: >>>> >>>> >> > >>>> >>>> >> > <script type="text/javascript"> >>>> >>>> >> > history.forward(); >>>> >>>> >> > </script> >>>> >>>> >> > >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the >>>> browser >>>> >>>> back >>>> >>>> >> > button. >>>> >>>> >> > >>>> >>>> >> > Robert >>>> >>>> >> > >>>> >>>> >> > >>>> >>>> >> > shekher awasthi wrote: >>>> >>>> >> >> >>>> >>>> >> >> Hi All, >>>> >>>> >> >> >>>> >>>> >> >> in the process of developing application using struts 2.0.11, >>>> i came >>>> >>>> >> >> across >>>> >>>> >> >> the problem of handling browser back/forward button. >>>> >>>> >> >> >>>> >>>> >> >> This problem is occurring when we will logout the user.On >>>> Clicking >>>> >>>> the >>>> >>>> >> >> logout button we are currently removing the user from the >>>> session >>>> >>>> >> >> >>>> >>>> >> >> and it worked fine for us. After the successful logout process >>>> user >>>> >>>> will >>>> >>>> >> >> be >>>> >>>> >> >> redirected to the index page(which have the login field), >>>> >>>> >> >> >>>> >>>> >> >> but when user hits the browser back button he is getting >>>> himself >>>> >>>> there >>>> >>>> >> in >>>> >>>> >> >> the secure page even we have remove the user object from the >>>> session >>>> >>>> >> >> >>>> >>>> >> >> below is the code we are using for removing the user >>>> >>>> >> >> >>>> >>>> >> >> session.remove(BSConstant.USER); >>>> >>>> >> >> >>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are >>>> having >>>> >>>> two >>>> >>>> >> >> points >>>> >>>> >> >> >>>> >>>> >> >> 1) Either the user is not getting removed from the session,but >>>> the >>>> >>>> >> chances >>>> >>>> >> >> are very less as for all other call after logout it is forcing >>>> the >>>> >>>> user >>>> >>>> >> to >>>> >>>> >> >> login first. >>>> >>>> >> >> >>>> >>>> >> >> 2) Back button handling is not there >>>> >>>> >> >> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle browser >>>> >>>> >> back/forward >>>> >>>> >> >> button or do i need to use some other technique like >>>> >>>> >> >> >>>> >>>> >> >> setting response header >>>> >>>> >> >> >>>> >>>> >> >> any suggestion in this regard will be much appreciated. >>>> >>>> >> >> >>>> >>>> >> >> -s >>>> >>>> >> >> >>>> >>>> >> >> >>>> >>>> >> > >>>> >>>> >> > >>>> >>>> >> > >>>> --------------------------------------------------------------------- >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> >>>> >> > For additional commands, e-mail: user-h...@struts.apache.org >>>> >>>> >> > >>>> >>>> >> > >>>> >>>> >> >>>> >>>> >> >>>> --------------------------------------------------------------------- >>>> >>>> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> >>>> >> For additional commands, e-mail: user-h...@struts.apache.org >>>> >>>> >> >>>> >>>> >> >>>> >>>> > >>>> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org >>>> >>>> >>>> >>>> >>>> >>> >>>> >> >>>> > >>>> > --------------------------------------------------------------------- >>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> > For additional commands, e-mail: user-h...@struts.apache.org >>>> > >>>> > >>>> > >>>> > >>>> > >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> For additional commands, e-mail: user-h...@struts.apache.org >>>> >>>> >>> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org