I have a status check system whereby people key-in thir ID and get thier loan status. My problem is when people logout, another person can hit the browser's back button ang preious ID value appears in the login box. How can I prevent this? All other aspects is OK since i used application var and user cannot simple enter the URL..
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Expiration Problem
- Thread starter accuransx
- Start date
This would be one way to deal with this problem. The script still need some work (as it works in Internet Explorer only), but it's a good start.
When the form is submitted, any submit and reset buttons are disabled. This prevents the user from submitting the form repeatedly, whether by accident or on purpose. The form will just act normally for Netscape users.
<!-- TWO STEPS TO INSTALL DISABLE SUBMIT:
1. Copy the coding into the HEAD of your HTML document
2. Add the last code into the BODY of your HTML document -->
<!-- STEP ONE: Paste this code into the HEAD of your HTML document -->
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
function disableForm(theform) {
if (document.all || document.getElementById) {
for (i = 0; i < theform.length; i++) {
var tempobj = theform.elements;
if (tempobj.type.toLowerCase() == "submit" || tempobj.type.toLowerCase() == "reset"
tempobj.disabled = true;
}
setTimeout('alert("Your form has been submitted. Notice how the submit and reset buttons were disabled upon submission."', 2000);
return true;
}
else {
alert("The form has been submitted. But, since you're not using IE 4+ or NS 6, the submit button was not disabled on form submission."
return false;
}
}
// End -->
</script>
</HEAD>
<!-- STEP TWO: Copy this code into the BODY of your HTML document -->
<BODY>
<center>
<form onSubmit="return disableForm(this);">
Name: <input type=text name=person>
<input type=submit><input type=reset>
</form>
</center>
<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href=" JavaScript Source</a></font>
</center><p>
<!-- Script Size: 1.33 KB --> Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
When the form is submitted, any submit and reset buttons are disabled. This prevents the user from submitting the form repeatedly, whether by accident or on purpose. The form will just act normally for Netscape users.
<!-- TWO STEPS TO INSTALL DISABLE SUBMIT:
1. Copy the coding into the HEAD of your HTML document
2. Add the last code into the BODY of your HTML document -->
<!-- STEP ONE: Paste this code into the HEAD of your HTML document -->
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
function disableForm(theform) {
if (document.all || document.getElementById) {
for (i = 0; i < theform.length; i++) {
var tempobj = theform.elements;
if (tempobj.type.toLowerCase() == "submit" || tempobj.type.toLowerCase() == "reset"
tempobj.disabled = true;
}
setTimeout('alert("Your form has been submitted. Notice how the submit and reset buttons were disabled upon submission."
', 2000);return true;
}
else {
alert("The form has been submitted. But, since you're not using IE 4+ or NS 6, the submit button was not disabled on form submission."
;return false;
}
}
// End -->
</script>
</HEAD>
<!-- STEP TWO: Copy this code into the BODY of your HTML document -->
<BODY>
<center>
<form onSubmit="return disableForm(this);">
Name: <input type=text name=person>
<input type=submit><input type=reset>
</form>
</center>
<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href=" JavaScript Source</a></font>
</center><p>
<!-- Script Size: 1.33 KB --> Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
- Thread starter
- #3
I don't see how you can stop users from clicking browser's back button, but even when they do that, the page is virtually dead. With this script, when user clicks browser back button - the submit button is disabled. User can do nothing but refresh page and than he will get blank form fields.
Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
Hey, did either one of you get this script to work? I copied exactly as is, and it doesn't do anything. I don't get any alert box when I click "Submit" a second time. I even went to JavaScript.com just to make sure I got it right. I tried checking my JavaScript reference, and I just noticed today that it hasn't been updated since November of 1997! I was looking for some of the functions this scripts uses, and, of course, I couldn't find them. No wonder I couldn't find them, the reference is 5 years out of date! Anyway, enough ranting. I saw this and decided it would be a useful feature to add to a couple of my forms. Calista :-X
Jedi Knight,
Champion of the Force
Jedi Knight,
Champion of the Force
Mahmut Basaran contributed this script:
It uses CGI information and Session variables to "track" where a user is (and was) and will not let you go back and re-submit. No JavaScript in that example but obviously using Session variables you need to be sure the user has thier cookies enabled or remember to pass the URL CFTOKEN from page to page.
It uses CGI information and Session variables to "track" where a user is (and was) and will not let you go back and re-submit. No JavaScript in that example but obviously using Session variables you need to be sure the user has thier cookies enabled or remember to pass the URL CFTOKEN from page to page.
here you'll find demo:
Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
OK, WWebSpider, now I'm confused. I went to the link you provided, and the demo worked as expected. I copied the script using their "Highlight All" button and copied it onto a blank page. It doesn't work. The submit and reset buttons still work. I don't think it's my machine, because the demo worked. Any ideas? Calista :-X
Jedi Knight,
Champion of the Force
Jedi Knight,
Champion of the Force
- Thread starter
- #11
hey calista,
you were right, the script they are giving us on javascript.internet.com is not working; here is script you can try; it worked fine on my machine:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Web Site: -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! -->
<!-- Begin
function disableForm(theform) {
if (document.all || document.getElementById) {
for (i = 0; i < theform.length; i++) {
var tempobj = theform.elements;
if (tempobj.type.toLowerCase() == "submit" || tempobj.type.toLowerCase() == "reset"
tempobj.disabled = true;
}
setTimeout('alert("Your form would have been submitted, but this is just a demo. Notice how the submit and reset buttons were disabled upon submission."', 2000);
return false;
}
else {
alert("Your form would have been submitted, but this is just a demo. But, since you're not using IE 4+ or NS 6, the submit button was not disabled on form submission."
return false;
}
}
// End -->
</script>
</HEAD>
<body>
<center>
<form onSubmit="return disableForm(this);">
Name: <input type=text name=person>
<input type=submit><input type=reset>
</form>
</center>
<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href=" JavaScript Source</a></font>
</center><p>
</body>
</html> Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
you were right, the script they are giving us on javascript.internet.com is not working; here is script you can try; it worked fine on my machine:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Web Site: -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! -->
<!-- Begin
function disableForm(theform) {
if (document.all || document.getElementById) {
for (i = 0; i < theform.length; i++) {
var tempobj = theform.elements;
if (tempobj.type.toLowerCase() == "submit" || tempobj.type.toLowerCase() == "reset"
tempobj.disabled = true;
}
setTimeout('alert("Your form would have been submitted, but this is just a demo. Notice how the submit and reset buttons were disabled upon submission."
', 2000);return false;
}
else {
alert("Your form would have been submitted, but this is just a demo. But, since you're not using IE 4+ or NS 6, the submit button was not disabled on form submission."
;return false;
}
}
// End -->
</script>
</HEAD>
<body>
<center>
<form onSubmit="return disableForm(this);">
Name: <input type=text name=person>
<input type=submit><input type=reset>
</form>
</center>
<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href=" JavaScript Source</a></font>
</center><p>
</body>
</html> Sylvano
dsylvano@hotmail.com
"every and each day when I learn something new is a small victory..."
Still doesn't work. What did you change? Now, instead of it doing nothing, I get following error:
Line 19
'type' is null or not an object.
I am using IE 5.5. Is it possible it doesn't recognize document.all and getElementById? Calista :-X
Jedi Knight,
Champion of the Force
Line 19
'type' is null or not an object.
I am using IE 5.5. Is it possible it doesn't recognize document.all and getElementById? Calista :-X
Jedi Knight,
Champion of the Force
Hi Folks.
THere is a simpler way to overcome this problem.
1) Use this script into APPLICATION.CFM
<cfheader name="Expires" value="#Now()#">
<cfheader name="Pragma" value="no-cache">
<cfheader name="Cache-Control" value="no-cache, must-revalidate">
and then:
2) use a PASSWORD type field also for the ID.
THis will make the BROWSER itself to clean the fields, all the time you hit BACK button.
After all, this is a VERY sensitive information, so WHY not use TWO PASSWORD fields?
Cheers
Sergio
THere is a simpler way to overcome this problem.
1) Use this script into APPLICATION.CFM
<cfheader name="Expires" value="#Now()#">
<cfheader name="Pragma" value="no-cache">
<cfheader name="Cache-Control" value="no-cache, must-revalidate">
and then:
2) use a PASSWORD type field also for the ID.
THis will make the BROWSER itself to clean the fields, all the time you hit BACK button.
After all, this is a VERY sensitive information, so WHY not use TWO PASSWORD fields?
Cheers
Sergio
Guest_imported
New member
- Jan 1, 1970
- 0
I might as well add my two cents. You may want to consider using the JavaScript location.replace(URL) function to load one or more of the pages. This function replaces the current document with a new one without generating a new entry in the browser's history. You could arrange it so that any sensitive information on a page cannot be re-viewed by using the Back button.
- Status