I (Steven J. Owens <[EMAIL PROTECTED]>) asked:
> This brings up an interesting point; what happens if you back up
> to a page generated by a POST operation? The standard behavior is to
> ask the user if they want to repost the data. How do you disable this
> if you want the form not to be cached? Make the form page no-cache?
Pascal Houde <[EMAIL PROTECTED]> writes:
> The best way to solve this problem is by having a state machine in your
> application. Then you would have more "control" over the flow.
I'm not sure how this applies to my question. Obviously I'm
controlling flow in my application where feasible. The concern is
that sensitive information might be in the POST operation; if I want
to prevent it from being re-POSTed, how do I do so?
Or were you replying to the previous user's question?
I've tried using response.setHeader() to set Expires,
Pragma/no-cache, Cache-Control/no-store, both on the page containing
the form and on the generated page. Neither seems to have any effect.
Here's the specific code, pasted from my source:
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setHeader("Expires", "Wednesday, 29-Dec-1995 00:00:00 GMT");
Mike Fontenot <[EMAIL PROTECTED]> suggested:
> <%
> out.println("<META HTTP-EQUIV=\"expires\" CONTENT=\"1996-01-01\">");
> out.println("<META HTTP-EQUIV=\"Cache-Control\" CONTENT=\"no-cache\">");
> out.println("<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">");
> %>
>
> BTW, using the servlet api methods to do this did not seem to work for me
> (using Jrun) so I resorted to the out.println .
We're using Jrun. I'll try using META HTTP-EQUIV tags in the
pages. Hm. Okay, still no effect. If I back up to the generated
page, my browser still tells me:
Data Missing
This document resulted from a POST operation and has expired from
the cache. If you wish you can repost the form data to recreate
the document by pressing the reload button.
Thor Heinrichs-Wolpert <[EMAIL PROTECTED]> writes:
> You may want to have a peek at how the Internic site works. When
> registering a name, and clicking the back-key it will automatically push you
> back to the page they want you at.
Interesting. I went and had a look. Internic's form, specifically
the page generated by:
http://www.networksolutions.com/cgi-bin/purchase/create_list
...generates a an otherwise blank page with a hidden form and a
bit of javascript to submit it, invoked by the OnLoad event. So if
you back up to the blank page, it automatically resubmits you. I'm
looking for something to *prevent* that from happening.
For the curious, here's the code (cleaned up a bit,
whitespace-wise) that Internic's site generates:
<HTML>
<SCRIPT LANGUAGE="JavaScript">
function tester() {
document.forms[0].submit();
}
</SCRIPT>
<BODY onload="tester()">
<form action="http://www.networksolutions.com/cgi-bin/domain" METHOD="POST">
<!-- Begin Loop -->
<input type="hidden" name="Domains" value="scorchmarks.com">
<!-- End Loop -->
<input type="hidden" name="modify" value="New Registration">
<input type="hidden" name="gowhere" value="mainform">
<input type="hidden" name="isFromSicon" value="True">
</form>
</BODY></HTML>
> BTW: They have received a few awards for simple, fast, functional designs
> (translation, look borrow and reuse ideas *g*).
To quote Robert Heinlein (who was probably quoting somebody else)
stealing from one person is plagiarism, stealing from three is
research. Or to quote Pete Seeger, quoting some folk song writer
whose name I can't recall at the moment, "Oh, he just stole from me,
but *I* steal from *everybody*."
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
