Hi Shekher,
all my testing was under SSL connection. So without pragma and cache
control it's not working - sadly.
Best greetings,
Paweł Wielgus.
2009/1/22 shekher awasthi <shekher.awas...@gmail.com>:
> Hi Paweł,
>
> another way we can do this by using SSL
> as we are dealing in secure zone so using SSL for this might be a good case.
>
> the application i have seen so far who have dealt with this back/forward
> button always using HTTPS protocol.
>
> i am also diving in to this case study and will share the results
>
>
> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>>
>> one of the banking application site which i tested today
>>
>> when user get logged off from and try to hit the back button he will be
>> shown a different page
>> instead the one in the cache
>> so i am also loking in to this aspect.
>>
>>
>> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>>>
>>> using javascript is not a sure short solution
>>> as i tested it throughly and javascript behaviour is not consistent
>>> throught
>>>
>>> regarding setting header i did this i developed a custom interceptor which
>>> is doing this
>>>
>>> but again its not worked as expected.
>>> i am still clueless how online banking application doing this trick
>>>
>>> i am still on R&D mode for this if find anything will share it
>>>
>>>
>>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>>>>
>>>> Hi Ehtesham,
>>>> it was said before on this thread that user can simply turn of
>>>> javascript whenever he wants,
>>>> thats why i was looking for more server controlled solution. But thank
>>>> You for pointing it out, You made me to add it to my blog post.
>>>>
>>>> Best greetings,
>>>> Paweł Wielgus.
>>>>
>>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
>>>> >
>>>> >
>>>> >
>>>> > Hi,
>>>> >
>>>> > I am not that much expert I I used the following javascript code before
>>>> in each page and it workded fine.
>>>> >
>>>> >
>>>> > <script language="JavaScript">
>>>> > var x=window.history.length;
>>>> > if (window.history[x]!=window.location)
>>>> > {
>>>> > window.history.forward();
>>>> > }
>>>> > </script>
>>>> >
>>>> > If it work for you I will be very happy.
>>>> >
>>>> > Thank you.
>>>> >
>>>> > -Ehtesham
>>>> >
>>>> >
>>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>>>> >
>>>> > From: Paweł Wielgus <poulw...@gmail.com>
>>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
>>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
>>>> > Date: Thursday, January 22, 2009, 12:34 AM
>>>> >
>>>> > Hi Shekher,
>>>> > it was very interesting subject, so i dig a little more.
>>>> > Here [1] is what i found, with some tests.
>>>> > Basicly it turns out that You should add headers in page and to
>>>> response.
>>>> >
>>>> > [1] -
>>>> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
>>>> >
>>>> > Best greetings,
>>>> > Paweł Wielgus.
>>>> >
>>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>>>> >> Is it possible that either i should only put these header in the
>>>> logout
>>>> >> action
>>>> >>
>>>> >> where i am removing the session and den redirecting the user to index
>>>> page
>>>> >> something like this
>>>> >>
>>>> >> HttpServletResponse response=null;
>>>> >> response=ServletActionContext.getResponse();
>>>> >>
>>>> >> response.setHeader("Pragma", "no-cache");
>>>> >> response.setHeader("Cache-Control", "no-cache");
>>>> >> response.setHeader("Expires", "0");
>>>> >>
>>>> >> or can we create a interceptor which can do this for all the request
>>>> wheer
>>>> >> we want this feature??
>>>> >>
>>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
>>>> >>
>>>> >>> i tried using setting the eader values but they are not working as
>>>> expected
>>>> >>> i can even
>>>> >>>
>>>> >>> go and move back using broswer back button.
>>>> >>>
>>>> >>> if i will find anything helpfull will share with you
>>>> >>> till then hard luck
>>>> >>> :)
>>>> >>>
>>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
>>>> >>>
>>>> >>> Hi Shekher,
>>>> >>>> what i meant is that it can be done from server side.
>>>> >>>> Check for example Your e-banking application, i did it on mine :-).
>>>> >>>> There, when You press back button browser won't serve You cached
>>>> page
>>>> >>>> but ask server for fresh one - this is controlled with content-cache
>>>> >>>> and pragma, but i can't be more helpfull to You here because i
>>>> haven't
>>>> >>>> done it before.
>>>> >>>>
>>>> >>>> Best greetings,
>>>> >>>> Paweł Wielgus.
>>>> >>>>
>>>> >>>>
>>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>>>> >>>> > Hi Paweł,
>>>> >>>> >
>>>> >>>> > thats true it only send request to server if i will refresh the
>>>> page
>>>> >>>> and
>>>> >>>> > for that i have already custom interceptor places which is
>>>> checking the
>>>> >>>> user
>>>> >>>> > object in session in order to confirm that the request is from
>>>> >>>> authorized
>>>> >>>> > user
>>>> >>>> >
>>>> >>>> > but when i make use of back button it serve the page from the
>>>> local
>>>> >>>> > chache,so the problem is related to client side more than that of
>>>> server
>>>> >>>> > handling
>>>> >>>> >
>>>> >>>> > still trying to find a firm solution for it
>>>> >>>> >
>>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
>>>> >>>> >
>>>> >>>> >> Hi Shekher,
>>>> >>>> >> first try this scenario:
>>>> >>>> >> 1. logout user
>>>> >>>> >> 2. back button - check for logs if action was fired
>>>> >>>> >> 3. refresh page - check for logs if action was fired
>>>> >>>> >> Most likely only the 3. will fire action because browser will
>>>> serve
>>>> >>>> >> cached version of that page.
>>>> >>>> >> I was about to write that to deal with it You can use https
>>>> scheme,
>>>> >>>> >> but i just got it checked and it's not true. So maybe using
>>>> pragma and
>>>> >>>> >> or cache-control will do?
>>>> >>>> >>
>>>> >>>> >> Still user can disable javascript so solution with script might
>>>> not
>>>> >>>> work.
>>>> >>>> >> If You find out anything more please let us know.
>>>> >>>> >>
>>>> >>>> >> Best greetings,
>>>> >>>> >> Paweł Wielgus.
>>>> >>>> >>
>>>> >>>> >>
>>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
>>>> >>>> >> > You don't write if the browser back button is supposed to be
>>>> >>>> functional
>>>> >>>> >> in
>>>> >>>> >> > your application (in many cases it is not, but YMMV).
>>>> >>>> >> >
>>>> >>>> >> > If you want to disable the browser back button, use the code
>>>> below in
>>>> >>>> all
>>>> >>>> >> > your pages:
>>>> >>>> >> >
>>>> >>>> >> > <script type="text/javascript">
>>>> >>>> >> > history.forward();
>>>> >>>> >> > </script>
>>>> >>>> >> >
>>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the
>>>> browser
>>>> >>>> back
>>>> >>>> >> > button.
>>>> >>>> >> >
>>>> >>>> >> > Robert
>>>> >>>> >> >
>>>> >>>> >> >
>>>> >>>> >> > shekher awasthi wrote:
>>>> >>>> >> >>
>>>> >>>> >> >> Hi All,
>>>> >>>> >> >>
>>>> >>>> >> >> in the process of developing application using struts 2.0.11,
>>>> i came
>>>> >>>> >> >> across
>>>> >>>> >> >> the problem of handling browser back/forward button.
>>>> >>>> >> >>
>>>> >>>> >> >> This problem is occurring when we will logout the user.On
>>>> Clicking
>>>> >>>> the
>>>> >>>> >> >> logout button we are currently removing the user from the
>>>> session
>>>> >>>> >> >>
>>>> >>>> >> >> and it worked fine for us. After the successful logout process
>>>> user
>>>> >>>> will
>>>> >>>> >> >> be
>>>> >>>> >> >> redirected to the index page(which have the login field),
>>>> >>>> >> >>
>>>> >>>> >> >> but when user hits the browser back button he is getting
>>>> himself
>>>> >>>> there
>>>> >>>> >> in
>>>> >>>> >> >> the secure page even we have remove the user object from the
>>>> session
>>>> >>>> >> >>
>>>> >>>> >> >> below is the code we are using for removing the user
>>>> >>>> >> >>
>>>> >>>> >> >> session.remove(BSConstant.USER);
>>>> >>>> >> >>
>>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are
>>>> having
>>>> >>>> two
>>>> >>>> >> >> points
>>>> >>>> >> >>
>>>> >>>> >> >> 1) Either the user is not getting removed from the session,but
>>>> the
>>>> >>>> >> chances
>>>> >>>> >> >> are very less as for all other call after logout it is forcing
>>>> the
>>>> >>>> user
>>>> >>>> >> to
>>>> >>>> >> >> login first.
>>>> >>>> >> >>
>>>> >>>> >> >> 2) Back button handling is not there
>>>> >>>> >> >>
>>>> >>>> >> >> my question is, Is there any way in struts2 to handle browser
>>>> >>>> >> back/forward
>>>> >>>> >> >> button or do i need to use some other technique like
>>>> >>>> >> >>
>>>> >>>> >> >> setting response header
>>>> >>>> >> >>
>>>> >>>> >> >> any suggestion in this regard will be much appreciated.
>>>> >>>> >> >>
>>>> >>>> >> >> -s
>>>> >>>> >> >>
>>>> >>>> >> >>
>>>> >>>> >> >
>>>> >>>> >> >
>>>> >>>> >> >
>>>> ---------------------------------------------------------------------
>>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>> >>>> >> > For additional commands, e-mail: user-h...@struts.apache.org
>>>> >>>> >> >
>>>> >>>> >> >
>>>> >>>> >>
>>>> >>>> >>
>>>> ---------------------------------------------------------------------
>>>> >>>> >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>> >>>> >> For additional commands, e-mail: user-h...@struts.apache.org
>>>> >>>> >>
>>>> >>>> >>
>>>> >>>> >
>>>> >>>>
>>>> >>>>
>>>> ---------------------------------------------------------------------
>>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>> > For additional commands, e-mail: user-h...@struts.apache.org
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>>
>>>>
>>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
