keeping users from going back to previous pages using the back button

[froggerIII]

i am writing an application in which it is very important that users go sequentially through each page, and because issues with session variables and the database, things can get messed up when the user presses the back button in the browser. We have provided a navigation bar at the bottom of the page, and if that is used, everything is fine (session variables and such are set when the back button is pressed on the nav bar) Is there a way to keep the users from pressing the back button on the browser

 

[crystalized]

I would also like to know the answer to this question.<br><br>I had thought about opening a window with no back button on it, but on my mouse I have a &quot;Back&quot; button built in (as will many people using the app), so I do not think that will solve the problem.<br><br>If you find an answer to this question from somewhere else would you be so kind as to post it here, I would really like to know how you resolve the problem. <p>Crystal<br><a href=mailto:crystals@genesis.sk.ca>crystals@genesis.sk.ca</a><br><a href= > </a><br>--------------------------------------------------<br>
Experience is one thing you can't get for nothing.<br>
-Oscar Wilde<br>

 

[palbano]

Dear froggerIII and Crystal,<br><br>You can't keep the user from going back. The only thing you can do is not create a 'history' as they navigate through the site, that way there is no history so they can't go 'back'. Of course that is all handled on the client side code where the links actually are processed. It is an ugly situation at best. It is really bad when you&nbsp;&nbsp;are using forms to submit data. The form data has to be manually processed into a querystring so that you can use the window.location.replace() method passing the URL and querystring as a parameter. Yuck!<br><br>Now, since this is the ASP forum which is server side processing, you can of course refuse to let the user have access to the page if they have already been there. There are several techniques you could employ to accomplish this like 'redirection'&lt;nasty&gt;, which I personally would NOT recommend.<br><br>Anyway you decide to send the user to another location than the one they came 'back' to, you need to know 'what' that location is. You could use some session state information to determine that or use the Request.ServerVariables(&quot;HTTP_REFERER&quot value to help you determine where to send them.<br><br>Should you accept this assignment I will disavow any knowledge of your existence... this post will self destruct in 5 seconds, good day Mr. Phelps<br><br>-pete<br>

 

[PatHastings]

How about just using a session variable.<br>it would start at 0 and page 1 would increment it to 1<br>page two to 2 and so forth<br><br>the first thing that each page does is to check the value of this session variable. If it is higher than the value of the page then the user has hit the back button and it displays an error message telling them to stop being naughty and quit using the back button

 

[froggerIII]

The problem is not really the user pressing the back button, it occurs when the user presses forward after he has gone back (in the application i am writing, forms MUST be submitted so data can be stored into Session variables and the database). There are a couple of pages where Session variables must be cleared. This turns into a big problem later on in the application if the form which fills these variables was not submitted (the user pressed forward).&nbsp;&nbsp;My thoughts were that if I could keep the user from going back, he would not be able to press forward. I would really appreciate help

 

[NickBulka]

If your pages must be accessed in a specific order,&nbsp;&nbsp;you can use the server variable http_referrer to make sure they're accessing the pages in the correct order. <p>nick bulka<br><a href=mailto: > </a><br><a href= > </a><br>

 

[palbano]

Hello ASP Campers,<br><br>When the user requests the browser to move backwards and forwards in the history the page is NOT requested from the server. Therefore server side code ALONE cannot produce a solution to this question.<br><br>Browser applications have some limitations. The limitations are more sever the more browsers you must support. This is an inescapable fact.<br><br>&quot;But, that's just my opinion... I could be wrong&quot;.<br>-pete

 

[AnandMishra]

Hi:<br><br>You are right. it is best choice that know your limitation and accordiginly design the application. <br><br>Always there are more than one way to achieve the objectives. so look for best and adop it.<br><br>Anand

 

[NickBulka]

As long as you prevent caching of pages, you can rely on server side processing to enforce your site structure.&nbsp;&nbsp;We use this technique in our current project, and it works reliably.&nbsp;&nbsp;<br><br>For a good explanation of various techniques for preventing caching,&nbsp;&nbsp;I'd suggest reading Phil Paxton's white paper at <A HREF="

http://www.learnasp.com/learn/cachenomore.asp"

TARGET="_new">

http://www.learnasp.com/learn/cachenomore.asp</A><br>

<p>nick bulka<br><a href=mailto: > </a><br><a href= > </a><br>

 

[palbano]

Nick,<br><br>You have that working when the browsers 'back' button is pressed?<br><br>How, I have not been able to expire pages causing the browser to request the page from the server when the user clicks the 'back' button.<br><br>Thanks<br>-pete

 

[froggerIII]

Nick,<br>Thanks for the direction to that USR. In the standard include file for our project, the last four lines of code are:<br><br>Response.CacheControl = &quot;no-cache&quot;<br>Response.AddHeader &quot;Pragma&quot;, &quot;no-cache&quot;<br>Response.ExpiresAbsolute = Now()- 1000<br>Response.Expires = 0<br><br>should these work for all browsers except ie5 ?<br><br>don't have enough time to do the unique url thing, i was thinking that rather than trying to stop the user from going back, just do a check to make sure required information hadn't been lost or bypassed by the time the user got back to the final submission page. If it has, send them back to a menu or error page

 

[eclipticedge]

Add this to any page that you do not want someone to come back to.

for (var Num = window.history.length; Num>0; Num--)
{history.go(Num);}

 

[Funka]

i implemented a way to check if pages are ever submitted more than once or even submitted out of order that works quite well.

it involves generating a random, unique key that changes on each page. call this the FormToken. include this FormToken as a hidden input on every form, and even put it in the querystring if links can be clicked.

so, on your first page, you generate a random FormToken, put it in a hidden input, and also set it in the user's Session variable.

on the next page that processes the submitted form, simply check the received formToken with what is in the Session var. (if they don't match, it means the form was submitted out of order, or was submitted twice.) if they DO match, you know that the user has been a good user and has submtting the proper, expected form. you then generate a new random token, and put this new token in the session var and hidden inputs again. generate a new token on every page.

in this way, you are uniquely identifying each form, and by setting it in the session var, you are in essence saying that this (and only this!) unique form is the only one that you will accept. this trick also works perfectly to keep the same form from being submitted more than once.

let us know what you settle on. good luck!