How to prohibit accessing previous records through the browser's back button?
The browser's back button allows us to easily return to previously visited pages, which is undoubtedly very useful. But sometimes we have to turn off this feature to prevent users from disrupting the scheduled page access order. This article introduces various browser back button solutions that can be found on the Internet, analyzing their respective advantages and disadvantages and applicable occasions.
1. Overview
Many people have asked, "How can you 'disable' the browser's back button?", or "How can you prevent users from clicking the back button to return to previous browsers.
Viewed page? "This question is also one of the most asked questions on the ASP forum. Unfortunately, the answer is very simple: we cannot disable the browser's back
button.
At first I was incredible that someone actually wanted to disable the browser's back button. Later, I saw that so many people wanted to disable this back button
I was relieved (the only thing I wanted to disable was the back button, not the browser's forward button). Because by default, the user can pass after submitting the form
Go back to the form page through the back button (rather than using the Edit button!), and edit and submit the form again to insert a new record into the database. This is not
Wish you see.
So I decided to find a way to avoid this. I visited many websites and referenced the various implementation methods introduced by these websites. if you
I often visit ASP programming websites, and you may have seen some of the content introduced in this article. The task of this article is to introduce all possible methods to everyone and then find
Find the best way!
2. No caching
Among the many scenarios I found, there is one of them that prohibits page caching. Specifically, use server-side scripts, as shown below:
<%
= True
= Now() - 1
= 0
= "no-cache"
%>
This method is very effective! It forces the browser to revisit the server download page instead of reading the page from the cache. When using this method, the programmer's master
The important task is to create a session-level variable that determines whether the user can still view the page that is not suitable for access through the back button. Due to the
The browser no longer caches this page. When the user clicks the back button, the browser will download the page again. At this time, the program can check the session variable to see if it is
Users should be allowed to open this page.
For example, suppose we have the following form:
<%
= True
= Now() - 1
= 0
= "no-cache"
If Len(Session("FirstTimeToPage")) > 0 then
&single; The user has visited the current page and is now back to access again.
&single; Clear the session variable and redirect the user to the login page.
Session("FirstTimeToPage") = ""
"/"
End If
&single; If the program runs here, it means that the user can view the current page
&single; Start creating the form below
%>
<form method=post action="">
<input type=submit>
</form>
We use the session variable FirstTimeToPage to check whether the user is visiting the current page for the first time. If it's not the first time (i.e. Session
("FirstTimeToPage") contains a value), then we clear the value of the session variable and redirect the user to a start page. In this way, when the form
When submitting (it is opened at this time), we must assign a value to FirstTimeToPage. That is, we need to add the following
Code:
Session("FirstTimeToPage") = "NO"
In this way, if the user who has opened clicks the back button, the browser will re-request the server download page and the server checks the session
("FirstTimeToPage") contains a value, so Session("FirstTimeToPage") is cleared and the user is redirected to another page. Of course, all
All this requires that the user enables cookies, otherwise the session variable will be invalid. (For more description of this issue, see For session variables
to work, must the Web visitor have cookies enabled?)
In addition, we can also use client code to make the browser no longer cache the web page:
<html>
<head>
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
</head>
If you use the above method to force the browser to no longer cache the web page, you must pay attention to the following points:
The browser prevents the page from being cached when using a secure connection. For pages that are not protected by security, "Pragma: no-cache"
It is considered the same as "Expires: -1", and the browser still caches the page, but marks the page as expired immediately.
In IE 4 or 5, the "Cache-Control" META HTTP-EQUIV tag will be ignored and does not work.
In actual applications we can add all of this code. However, since this method cannot be applied to all browsers, it is not recommended. but
If it is in an intranet environment, the administrator can control which browser the user uses, I think someone will use this method.
3. Other methods
Next we will discuss the method behind the back button itself is centered instead of browser cache. Here is an article Rewiring the Back Button very
Worth referring to. However, I noticed that if you use this method, although the user will not see the page where the data was entered before when clicking the back button, just click
Just hit twice, which is not the effect we hope, because many times, stubborn users can always find ways to bypass preventive measures.
Another way to disable the back button is to use client JavaScript to open a window without a toolbar, which makes it difficult for the user to return to the previous page, but
Not impossible. A safer but rather annoying way is to open a new window when the form is submitted while closing the window where the form is located. But I think
This method is not worthy of serious consideration, because we can't let users open a new window for every form submitted.
So, can JavaScript code be added to the page we don’t want the user to return? JavaScript code added to this page can
Used to create the effect of clicking the forward button, which offsets the action generated by the user clicking the back button. The JavaScript code used to implement this function is as follows
Shown:
<script language="JavaScript">
<!--
javascript:(1);
//-->
</script>
Similarly, although this method works, it is still far from the "best method". Later I saw someone suggesting to use one
The page goes to another page. The principle of this method is to replace the current historical record with the URL of the new page, so that there is only one page in the browsing history.
The back button will never become available. I think this may be exactly the approach many people are looking for, but this approach is still not the best way in any case. Use this
An example of the method is as follows:
<A HREF="../../" onclick="javascript:();
=false; ">
Links to this page are prohibited</A>
Links to this page are prohibited!
The disadvantage of this approach is that simple application will no longer work, because each time the user goes from one page to another,
We all have to clear it with client code. Also note that this method clears the last access history, not all
access history.
Click the link above and you will open a simple HTML page. Click the back button again, and you can see that the page is not this page, but this page
Previous page! (Of course, you must enable client-side JavaScript code in your browser.)
After some careful search, I found that I still couldn't find a way to completely disable the browser back button. All the methods described here
All can prohibit users from returning to the previous page to different degrees and in different ways, but they all have their own limitations. Since there is no presence, the back button can be completely disabled
so the best solution should be: mix client-side scripts and server-side scripts.
<html>
<head>
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
</head>
<script language="JavaScript">
<!--
javascript:(1);
//-->
</script>
Previous page1234567891011121314151617181920Next pageRead the full text