disable go back function in browser using servlet

Question

I made a simple website with login page, everything works fine except when user click on GO BACK button in browser, the previous page shows up after logout.

I have tried to track session, but not successful, any suggestions? ps: i prefer to achieve this on server side programming.

Thanks

Here is my redirect url filter, if anything, this could be where the problem is

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) 
                    throws IOException, ServletException 
{
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    HttpSession session= request.getSession(false);

   if(request.getRequestURI().compareToIgnoreCase("/login.jsp")!=0&&
           request.getRequestURI().compareToIgnoreCase("/")!=0)
   {
            if (session!=null &&!session.isNew()) 
            {
                    chain.doFilter(req, res);
            }
            else 
            {
                response.sendRedirect(request.getContextPath()+"/login.jsp"); 
               }
  }
   else
   {
       chain.doFilter(req, res);

   }
}

Why not fix the problem rather than implement a workaround (i.e. disable back button)? I hate websites that don't let me use Back without handling it properly. Perhaps we could help you to fix the issue with pages showing after a user logs out instead? — Deco, Feb 12 '12 at 05:57
"I have tried to track session, but not successful" - this is the preferred way, though. If user is not authenticated, send HTTP 302 redirect to your login page URL. From any URL requiring any authentication. You could even add the previously requested resource to the redirect parameters to allow to jump back. — Alex Pakka, Feb 12 '12 at 06:06
yes, i have check that post too, but it does not work, when go back on browers, i can still see the page and session get resent to server and secured information stilll shows up — ikel, Feb 13 '12 at 04:19

score 1 · Answer 1 · answered Feb 12 '12 at 05:57

1

2 quick ways I can think of:

call the following javascript code:

window.history.back(0) = window.location
change your body tag to:

< body onunload="javascript:history.go(1)" >

answered Feb 12 '12 at 05:57

Nir Alfasi

49,889
11
75
119

1

i really prefer server side solution – ikel Feb 12 '12 at 18:40
try this: http://tech-torch.blogspot.com/2007/02/disabling-browser-back-button.html – Nir Alfasi Feb 12 '12 at 19:58
1

thanks, but those are client side implementation, i need something on server side, and i actually implemented those no-cache settings in header, but no use – ikel Feb 13 '12 at 03:59
please read all the way through - there are both client side AND server side implementations – Nir Alfasi Feb 13 '12 at 05:32

Mohamed Ali · Answer 2 · 2017-07-20T12:17:37.680

By using javascript if you have two pages page1 and page2 and (page1 redirect to page2) and you want to restrict the user from getting back to page1, just put this code at page1.

 <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js"></script>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
    <script>
        $(document).ready(function () {
            function disableBack() {
                window.history.forward()
            }

            window.onload = disableBack();
            window.onpageshow = function (evt) {
                if (evt.persisted)
                    disableBack()
            }
        });
    </script>

disable go back function in browser using servlet

2 Answers2