Authenticate when user clicks back button after logging out

Hi All,
Is there a way that the user can be forced to authenticate, if he has just logged out, and then clicks the back button.
I have a situation where a user who is working on relatively sensitive data logs out (yeees they should close the browser and all, but they never obey instructions... ) and someone else can come around and click the back button, and see what what he had been working on.
Is there a way to disable this behaviour, or otherwise force a reload/re-authentication.
Thanks.

Hi there,
You can accomplish this by writing this code in each page of your application
Write this in your html header:
<script type="text/javascript">
javascript:history.go(1);
</script>and write this in Page HTML Body Attribute:
onunload="javascript:history.go(1)";It will not allow your users to go back.
Thanks
Tauceef

Similar Messages

  • Invalidate session when user clicks back button

    I want to invalidate the session when user clicks back button, so that user cannot refresh and reload a page.
    Any suggestions will be highly appreciated.
    Message was edited by:
    sam_amc

    * SessionInvalidator.java
    * Created on October 27, 2006, 9:18 AM
    package web;
    import java.io.*;
    import java.net.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    * @author javious
    * @version
    public class SessionInvalidator extends HttpServlet {
        /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
         * @param request servlet request
         * @param response servlet response
        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();
            String reposted = request.getParameter("reposted");
            if("true".equals(reposted))
                HttpSession session = request.getSession(false);
                if(session == null)
                    // This is step 4 and beyond
                    out.println("<html>");
                    out.println("<head>");
                    out.println("<title>Servlet SessionInvalidator</title>");
                    out.println("</head>");
                    out.println("<body>");
                    out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                    out.println("I said, your session is now invalid! Now where are those Duke Dollars at?");
                    out.println("</body>");
                    out.println("</html>");
                else
                    Integer hitCount = (Integer)session.getAttribute("hitCount");
                    if(hitCount == null)
                        // This is step 2 (the "good" - "stay" page.)
                        out.println("<html>");
                        out.println("<head>");
                        out.println("<title>Servlet SessionInvalidator</title>");
                        out.println("</head>");
                        out.println("<body>");
                        out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                        out.println("Your session is good.<br>");
                        out.println("If you click the browser's back button, you will invalidate your session.");
                        out.println("</body>");
                        out.println("</html>");
                        hitCount = 1;
                        session.setAttribute("hitCount", hitCount);
                    else
                        //We've used up our good visit
                        session.invalidate();
                        // This is step 3
                        out.println("<html>");
                        out.println("<head>");
                        out.println("<title>Servlet SessionInvalidator</title>");
                        out.println("</head>");
                        out.println("<body>");
                        out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                        out.println("Your session is now invalid");
                        out.println("</body>");
                        out.println("</html>");
            else
                // because the javascript in the following output will never allow a user
                // to continue clicking back any further than this, we can safely create the session.
                // (or perhaps the session can already be created here and this may not be necessary).
                // A problem lies where if the user chooses to "select" a page back in history they thereby
                // potentially skip back "over" this functionality, thus defeating the purpose of it.
                request.getSession(true);
                // This is step 1 (indirection)
                out.println("<html>");
                out.println("<head>");
                out.println("<title>Servlet SessionInvalidator</title>");
                out.println("</head>");
                out.println("<body onload=\"document.getElementById('invalidatorForm').submit()\">");
                out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                out.println("<form id=\"invalidatorForm\" action=\"SessionInvalidator\" method=\"POST\">");
                out.println("<input type=\"hidden\" name=\"reposted\" value=\"true\">");
                out.println("</form>");
                out.println("</body>");
                out.println("</html>");
            out.close();
        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        /** Handles the HTTP <code>GET</code> method.
         * @param request servlet request
         * @param response servlet response
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            processRequest(request, response);
        /** Handles the HTTP <code>POST</code> method.
         * @param request servlet request
         * @param response servlet response
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            processRequest(request, response);
        /** Returns a short description of the servlet.
        public String getServletInfo() {
            return "Short description";
        // </editor-fold>
    }The problem with even attempting to do this is that with today's browser capabilities, users can optionally choose to jump to a particular page in the browser history and this may not necessarily be the most recent page. In this case, you would also want to invalidate the user's session after already having been there (whatever page that may be). Then you have situations when the user may wish to jump back in history to external pages they were visiting before they reached your own site's pages. Then what happens when they start clicking forward, forward, etc... from there? This is why I prefer writing Swing Clients as alternatives to browser applications. There are soo many possible ways break web applications made for standard web browsers both maliciously and simply by accident or irregular user patterns. Regardless, this servlet would work based on the assumption that all the user(s) would "ever" do aside from moving logically forward is clicking on the browser's "back" button.
    cheers!
    Message was edited by:
    javious

  • Stop user from cliking back button after logging out

    How can I stop the user from clicking the back when they had clicked the log out link...?
    <%@ page language="java" %>
    <html>
    <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    </head>
    <body>
    </body>
    <script language="JavaScript" type="text/JavaScript">
    function refreshIt() {
    setTimeout('window.parent.location.reload()', 7 * 1000);
    <%
    session.removeAttribute("username");
    session.invalidate();
    response.sendRedirect( response.encodeRedirectUrl("index.jsp?message=You had logged out from the system"));
    %>
    document.onload = refreshIt();
    </script>
    </html>

    You can NOT stop the user from clicking the "back" button.
    However, all is not lost.
    Since you're invalidating the session, simply have every page that requires the user to be logged in check for a valid session before proceeding. Put that code into an "include" file. If the session is invalidated, redirect the user back to the "Please Login" page. Do this IMMEDIATELY before doing ANYTHING.
    Another technique, but is essentially the same thing, is to "logout" to a page with javascript that redirects the user to the "You are Now Logged Out" page, with either a "redirect" or a "window.forward()" call. When the user clicks "back", they'll return to the page with the javascript that redirects the user to the "You are Now Logged Out" page. The only problem with that is that savvy users using IE can click the "history" portion of the "back" button, and go back 2, 3, 4, etc. pages if they want to.
    Therefore, you'll still have to write the code at the beginning of every page that kicks the user back to "Please Login" if the session was invalidated.

  • Old topic: Refresh when user click back button

    Yes yes, i know, this is old topic, which already discussed thoroughly in the forum,
    But, pls read my question....
    i try this:
    res.setHeader("Cache-Control", "no-cache");
    res.setHeader("Pragma", "no-cache");
    res.setDateHeader("max-age",0);
    res.setDateHeader("Expires",0);
    res.addHeader("Cache-Control", "no-store");
    However, when i forward to a page, then click back button to the previous page, which have the code above, however, the page is still the old one, the page was not reloaded from server
    Any suggestion? 1:57 am, my local time.......

    I just use:
    response.setHeader("Pragma","no-cache");
    response.setHeader("Cache-Control","no-store");
    response.setDateHeader("Expires",0);I have tried this, still the same...what can i do? Any more workable solution?

  • Showing universal work list when user clicks a button in webdynpro java

    Hi,
    I am developing webdynpro java application, when user clicks a button i want to display Universal worklist in the portal, if user is logged in then it directly shows in portal otherwise it should asks for username and password.
    Thanks,
    Madhu

    Hi Pithre,
    For this you have to use portal navigation classes, Same scenario occurred in previous forums, search thoroughly before you post the question.
    Go to the below link, May u r problem will be solved.
    Universal Work List & Web Dynpro
    Regards,
    Pradeep

  • How to make the page expired when user click back

    how to make the page as expired when i click back button on the browser.
    i want a better way.
    actually i have a timer.when it reaches 00.00 then the expired page will be called automaticlly using location.href="expired.jsp" then if the user clicks back it should not show the previous page.this concept is applied with paging concept
    response.setheader is not working ...
    i have redirect when click back using
    <body onunload>....i call another page here.
    but it is not a good way.
    so pls help me to solve this problem
    using session or another good way

    Use this instead.
    Frame.setDefaultCloseOperation(javax.swing.WindowConstants.DO_NOTHING_ON_CLOSE);

  • Weird thing about when user click Update button

    Hi,
    I got a very weird thing when i want to add some my code in button "1" on click event. I use below code to capture the on click event when user click "Update" button, so i can do some tasks(assign some fix value to a specific field). I found i can capture the event only once. Once the document is updated and i open second recordl then my code is never exexuted then. No error, no exception. Is anyone know what happen?
    Thanks,
    Lan

    Hi All,
    Yes, you are right. After i use try block, i can see the error. I thought I should be expected an red exception alert in the B1 info bar.
    Thank you !
    Lan

  • Problem report only print out when i click back button

    hi all..i having problem with my report print program. the problem is my report did not immediately print out when i click print button. the program require me to click back button before print out execute. please help me to solve this problem. Thank you.
    Edited by: padile on Jan 7, 2010 3:51 AM

    Hi,
    In your program, mention the following:
    DATA: gs_out_opt TYPE ssfcompop.
    gs_out_opt-tdimmed = 'X'           "Print immediately
    CALL FUNCTION lv_fname         "Smartform FM
          EXPORTING
            output_options     = gs_out_opt  
    Regards,
    Dawood.

  • At selection-screen when user presses back button

    Experts,
    I have two radio buttons and two relative checkboxes ( one checkbox related to other ).
    Now when user selects one radio button and executes teh program, there is a summary page. When user presses back button from there, I return to the selection screen, however the selections are still there.
    Ideally I want a blank screen, as in nothing selected( similar screen when program is executed first ). Is it possible ?
    Kindly advise,
    Gols

    Hi,
    Try clearing radio buttons and check boxes at PBO of selection screen using AT SELECTION-SCREEN OUTPUT statement.
    PARAMETERS:
      p_rad1 TYPE c RADIOBUTTON GROUP rd1,
      p_rad2 TYPE c RADIOBUTTON GROUP rd1.
    PARAMETERS:
      p_chk1 TYPE c AS CHECKBOX,
      p_chk2 TYPE c AS CHECKBOX.
    AT SELECTION-SCREEN OUTPUT.
      CLEAR: p_rad1, p_rad2, p_chk1, p_chk2.
    Hope this helps.
    Regards,
    txhughes

  • How can we enable tick icon when user click any button

    how can we enable tick icon when user click any button in captivate 6@

    hi first of all thanks for imitate action.
    actually i want to make a menu (TOC) with tick icons, on starting all ticks are disabled but when i click on any button from my menu i want to enable tick for that particular button so that user can know easily the visited button.

  • When user clicks on button the document linked to this path must be display

    hi sap masters,
    i am developing a screen prog in which i have a requirment which is i have pushbutton called WEB.
    When user clicks on button the document linked to this path must be displayed
    ex :  www.google.com
    how can i display can i have some info please.
    thank you,
    pasala.

    Hi,
    Kindly go through the below programs....
    RSHTML01                       Demo for HTML Control: Use as general WWW browser
    SAPHTML_R3HTTP_DEMO            Demo for HTML Control: Use as general WWW browser
    SAPHTML_UI_DEMO                Demo for HTML Control: Use as general WWW browser
    UPWB_HTML_DEBUG                Demo for HTML Control: Use as general WWW browser
    Hope it helps.
    Regards
    Arbind

  • When I click "back" button selection screen is not appearing

    Dear All,
    1) I have a "report" which takes some parameteres in the seclection screen ( standard 1000 ) and displayes a report. This is transported. Say the name is ZPRG1
    2) We have copied ZPRG1 to ZPRG_temp and modified some logic and copied back to ZPRG1.
    3) All looks fine but in ZPRG1 in SE80 it is not displaying screen "1000" listed. And when I pressed "back" button from the standard report menu it is going into "blank" screen first. and then when i click again it comes to the selection screen. I understand that some thing happened with GUI stuff but ran out of all ideas and coming here to get some help from you..
    I am almost in a lost state.. can you please suggest me?
    Thanks for your time.
    Regards,
    Kiran

    Hi zhenglin gu,
    Finally I found the reason.. still not conviced.. but the issue is happening when I write block with in the block. I am not convinced but it is true here..
    Issue code******** ( Block with in block )
    SELECTION-SCREEN BEGIN OF BLOCK CHECK1 WITH FRAME TITLE ext-t01.
    *skip 1.
    SELECTION-SCREEN BEGIN OF BLOCK CHECK2 WITH FRAME TITLE text-t00.
    select-options: s_system for /BIC/AZSEUST0400-/BIC/ZSYSIDNT
                    no-extension no intervals .
    parameters:   P_USER   type /BIC/OIZSECUNAME OBLIGATORY.
    select-options: S_PROF for zsecurity-value_1 no intervals.
    SELECTION-SCREEN PUSHBUTTON 60(20) BUT1 USER-COMMAND PROF
                                VISIBLE LENGTH 25.
    SELECTION-SCREEN END OF BLOCK CHECK2.
    PARAMETERS: P_AB RADIOBUTTON GROUP gr1,
                P_CON RADIOBUTTON GROUP gr1.
    SELECTION-SCREEN END OF BLOCK CHECK1.
    Issue ********
    No Issue ******** ( Outer block is comented)
    *SELECTION-SCREEN BEGIN OF BLOCK CHECK1 WITH FRAME TITLE text-t01.
    *skip 1.
    SELECTION-SCREEN BEGIN OF BLOCK CHECK2 WITH FRAME TITLE text-t00.
    select-options: s_system for /BIC/AZSEUST0400-/BIC/ZSYSIDNT
                    no-extension no intervals .
    parameters:   P_USER   type /BIC/OIZSECUNAME OBLIGATORY.
    select-options: S_PROF for zsecurity-value_1 no intervals.
    SELECTION-SCREEN PUSHBUTTON 60(20) BUT1 USER-COMMAND PROF
                                VISIBLE LENGTH 25.
    SELECTION-SCREEN END OF BLOCK CHECK2.
    PARAMETERS: P_AB RADIOBUTTON GROUP gr1,
                P_CON RADIOBUTTON GROUP gr1.
    *SELECTION-SCREEN END OF BLOCK CHECK1.
    End of Block2.
    No Issue ********
    I think I used several blocks with in blocks.. but I do not know why it is hapening.. in my case, i am fine with eliminating the outer block.. so removed and transporting it...
    Message was edited by: Hari Kiran

  • Triggering POPUP to SAVE when user Presses BACK  Button

    h4.
    Hi Friends,
    h4.
    When the User Presses BACK Button in the PF Status, it should trigger POPUP_TO_CONFIRM  whether to SAVE or not.
    h4.
    Suppose if the user doesn't change any thing in the Screen, it should not ask the User.
    h4.
    How can i know whether the user changes something in the Screen.
    h4.
    Screen mean Table Control..
    h4.
    How can i track this.
    h4.
    Regards:.
    h4.
    Sridhar.J

    Hi Sridhar,
    Within the table control loop, create a chain of all the fields in the structure of line type. call a PAI module with addition ON CHAIN-REQUEST. This is a conditional module call which will be triggered ONLY when user changes something on the screen. In this module you can set a global variable DATA_CHANGED to say 'X'. When user chooses BACK function, check this global variable to decide on the confirmation popup.
    One small caution. If you have the ROW SELECTION field also included in the line type of your internal table associated with the table control, you need to exclude that from the CHAIN of fields above; otherwise even when user selects a line or de-selects, this module will be triggered.
    Read ON CHAIN-REQUEST and ON REQUEST online ABAP help for more clarity.
    Regards
    Suresh
    Edited by: Suresh Radhakrishnan on Sep 28, 2009 4:29 PM

  • Aviod page reload when user hits back button

    Hi
    I got 2 coldfusion pages A and B. When i click a link from
    page A it goes to page B. When i click the back button of the
    browser from page B the page A refreshes and shows. I dont want the
    page A to reload when the user hits the back button of the browser
    (so that all data remains as it was) from page B.
    is there any method to cache the page and show? Or are there
    any other methods? Pls help. I am running this project in Model
    Glue architecture (i dont know whether that makes any difference)

    Normal behaviour is that going back does not cause a page to
    reload. You might be doing something to make that happen. If you
    can figure out what it is, then you can stop doing it.

  • Need to generate XML report  (when user clicks the button)from Application Express 4.0.0.00.46

    I am new to Apex so I invoke all the APEX GURUS to help me !!!
    Here are details.
    When the user hits a button from APEX page he can download an XML report
    here is the parameterized SQL query:

    Duplicate thread: https://community.oracle.com/message/11325665

Maybe you are looking for

  • How can I delete the photos in Collections/moments?

    How can I delete the photos in Collections/moments? I have set icloud photo settings to none, and delete all my photos in album, but I'm still getting 5.6 G of photos!

  • Link to Specific Location in a Newly Opened file

    I set up a link that opens another file.  Is there a way to go to a specific location (i.e. bookmark) in the file automatically "on Open"? Thanks for the help!!!

  • Calender = empty date

    Hi, I am passing a Date value back to the user using WS, I would want to send instead of null an empty date, because null doesn't create a XML element, for sending empty elements in this field, I have to somehow set calender to empty date, is it poss

  • How to add these symbols to Photoshop

    Hi there, I am trying to add some texts to my picture in photoshop and I would like to add symbols like the ones I attached here. Does anyone know where to find and how to add them? thanks, Rose110ca

  • Is iTunes 7 capable of burning with CD Text?

    I read that it is in a Maccentral.com review but I have not found the capabiltity in iTunes or on the iTunes site.