Hi Kito,
        Even if we delete the cache contents, what really happens is that the
content of the username item and password item becomes blank, and we can still
go to the next screen using the forward button.
        So my question is: by any means, can we trap in our doGet() or
doPost() methods whether that page (servlet) is called through the back/forward
buttons?
TIA
Aks

-----Original Message-----
From: Kito Mann [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 11, 2000 1:23 AM
To: [EMAIL PROTECTED]
Subject: Re: getParameter and Reload behavior


Jean,

First question: once the user is validated, are you saving any information
in cookies? That sounds like the logical reason you're seeing the behavior
you're seeing (and it's normal).

Second question: do you _only_ want people to get to the main page
immediately after a login? In other words, is the main page the only piece
of access-controlled content, or are there additional requests that require
a valid user account? If there is additional content, I assume you're
maintaining state somehow (you have to remember who is logged in).

Really the only way to keep someone from getting back to the login screen
is to change the cache behavior by setting some HTTP headers (search the
archives for the details -- I don't remember them offhand). However, cache
control doesn't ALWAYS work right -- it's highly browser (and Proxy)
dependent. You could disable the BACK button with JavaScript, but that
wouldn't prevent someone from jumping to the URL. Also, if you look at most
web sites, it's usually possible to go back to the login page (if it's a
separate URL).

At any rate, you might as well use the HTTP headers and move on...:-)..

Kito D. Mann
[EMAIL PROTECTED]




[EMAIL PROTECTED]
Monday January 10, 2000 12:55 PM

Please respond to [EMAIL PROTECTED]
To:   [EMAIL PROTECTED]
cc:    (bcc: Kito Mann/PSG/Prudential)
Subject:  getParameter and Reload behavior




Hi folks:

SCENARIO:
1) User starts at Logon page, provides user name and password, then hits
submit button to go to Main page

2) Main page reads data from form using getParameter and allows user in
Main page if user valid.

3) User clicks Back button and goes back to Logon page (the server
produces the page again because all pages are set to expire right away)

4) Without the user providing proper user name and password, user clicks
Forward button.  Message appears indicating page has expired.  User
clicks OK to reload page.  User gets Main page.

PROBLEM:
My Main page would normally return the user to Logon based on the user
name and password not being valid, but in this case it accepts it.  I'm
suspecting here that request.getParameter( ) retrieves the form's input
value from the first logon in step 1.

QUESTION:
1) Am I guessing right here regarding the getParameter( ) method?

2) If so, are there any solutions involving some simple settings?  (the
only solution that comes to mind is to have some session object, say
some flag, that would alert me that the user is in that state, i.e. got
past Logon the second time using Forward)

Your input is always much appreciated...

Thanks!

Jean

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
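
Added example (not code from any poster in this thread): one way to combine the session flag Jean suggests with the cache headers Kito mentions, so that a logon POST resubmitted through Forward/Reload is rejected and the Main page relies on session state instead of form parameters. The class name, the "loginToken" and "user" attributes, the "/main" path and checkCredentials() are assumptions; changeSessionId() needs Servlet 3.1 or later.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.SecureRandom;
import javax.servlet.http.*;

// Hypothetical servlet; a subclass supplies the real credential check.
public abstract class LoginServlet extends HttpServlet {
    private static final SecureRandom RNG = new SecureRandom();

    protected abstract boolean checkCredentials(String user, String pass);

    // Ask browsers and proxies not to keep a copy of the logon page.
    private static void noCache(HttpServletResponse res) {
        res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // Every rendering of the logon form gets a fresh single-use token.
        String token = new BigInteger(128, RNG).toString(16);
        req.getSession(true).setAttribute("loginToken", token);
        noCache(res);
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.println("<form method=\"post\">");
        out.println("<input type=\"hidden\" name=\"token\" value=\"" + token + "\">");
        out.println("User: <input name=\"user\">");
        out.println("Password: <input type=\"password\" name=\"pass\">");
        out.println("<input type=\"submit\"></form>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        HttpSession session = req.getSession(true);
        String expected = (String) session.getAttribute("loginToken");
        session.removeAttribute("loginToken"); // consumed: good for one POST only
        // A POST replayed via Forward/Reload carries the old token, which no
        // longer matches (or no longer exists) in the session.
        boolean fresh = expected != null && expected.equals(req.getParameter("token"));
        String user = req.getParameter("user");
        if (fresh && checkCredentials(user, req.getParameter("pass"))) {
            req.changeSessionId();              // new session id after authentication
            session.setAttribute("user", user); // Main page checks this, not form data
            res.sendRedirect(req.getContextPath() + "/main");
        } else {
            res.sendRedirect(req.getRequestURI()); // back to a fresh logon form
        }
    }
}
```

The servlet cannot see that the Back or Forward button was used; it only sees that the submitted token is stale, which is enough to refuse the replayed logon.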