How can i disable browser from going back to a particular page? My scenario is
Login page -> change password page ->user returns to login page again-> (on browser back should not go back to change password page) but currently it goes to the change password page. I am currently working on a grails application. How can i solve this issue?
You can't stop users from going back if they want to, because a browser can do whatever it feels like.
But if you only want to prevent users from going back accidentally, then just make the "change password" page only appear in response to an HTTP POST (not just a URL link, which is an HTTP GET request). Most browsers will give a warning about re-submitting the form if the previous page was the result of a POST request.
Use javascript's location.replace() function:
http://www.roseindia.net/javascript/javascript-location-replace.shtml
Related
Think of it like a login page. You type in all the credentials and click login. But I wanna check the username and password are correct or not and they will be in my database. So i use a API to communicate. And then u click login then through JavaScript i send a request but then the browser totally changes the page. All i want is the result but the browser changes the URL. Is there a way to do it?. Currently I am letting the page redirect back, its working fine but it just looks ugly.
Sorry i didn't include any code, I thought Code isn't necessary.
It's difficult to guess without seeing the code.
Anyway, are you using fetch?
Fetch is used if a browser should not navigate to a new page. The response is processed using Javascript instead.
Take a closer look at the fetch API, I think it can solve your problem.
I found innumerable answers and explanations on refreshing after submit - how to do it, how to prevent it, etc. But I'm just wondering why all submit functions automatically reload the page? I would have thought the default is to not refresh, and there's an option for it, something like
<button type="submit" refresh="false">Submit</button>
Is this like an unspoken programming rule, or is there a reason to do with GET and POST requests or something of that kind?
Submitting a form is like clicking a link.
You send something to the server (when you click a link that's just a URL, with a form it is more complex data).
The server makes a response
The browser shows you the response
It would only "reload the page" if the server side code you wrote sent the same page back.
It's the normal behaviour because when you send data to the server, you usually want to know if it worked.
(The server could response with 204 No Content to avoid the browser loading a new page, but that would confuse most users because they would have clicked a button and nothing would appear to happen).
Hi i need to redirect my users to the same page they were just on after logging into my site, the redirectory code will obviously be a different page depending on the page tehy were last at, any help would be appreciate :)
Put an identifier for the page they are coming from in a hidden input in the form.
Copy it to the form you show on a "Login failed, try again" situation (if there is a failed login, otherwise go directly to 3).
Use that identifier to determine the URL to redirect to with a Location: header after a successful login
I have an HTML form:
<form id="form" action="Secret.asp" method="POST">
This form sends data from my website visitor to a database.
I want to hide it so that whoever sees my HTML will not be able to send data to my ASP file.
Or maybe there is another way to block an ASP file from anyone but the HTML file?
I suppose you could set up a default document on a virtual directory, and set the action to that. Then your user wouldn't see the page name, but the form data would still get posted.
The bigger question is... why do you want to do this? If it's a matter of security through obscurity, this is the wrong approach. Whatever page receives the form data should not trust it at all, and should sanitize anything going into a database anyway.
No.
If you want browsers to be able to send data to a URL, then you have to tell them what that URL is.
Anything you tell a browser, you tell to the user in control of that browser.
No matter what you do, anyone can see their own HTTP requests going out to your server.
If you press F12 on Chrome or Firefox you can see your incoming and outgoing traffic, so it's useless to try and do anything about it.
If you want to secure something, that's not the way to go about it.
Say you have a legacy website running on an old code-base that offers certain functionality. The successor website is up and running, providing all the old functionality and more. For some time, there has been an HTML link on the old site pointing to the new one, for those users that care to click over.
Now, the legacy site is reaching its end of life, and you want to automatically redirect users to the new site, for example via a 301 or 302 redirect. However, when a user encounters this redirect, you want to also display a friendly message on the new site welcoming them and explaining why they are not seeing the old version.
When the user clicks an HTML link, the HTTP_REFERER header is populated, and the welcome message can be triggered via that value. However it appears that the same is not true when using 3XX redirect codes.
The top Google hit for this issue has this to say:
"HTTP 1.1 specification states it clearly: if a 3XX code is given, no
Referer value is passed. (eventualy, the URL that pointed to 3XX site)."
(http://www.usenet-forums.com/apache-web-server/37811-how-set-referer-redirect.html#post145986)
However I could not find this statement in a quick read through the spec (https://www.rfc-editor.org/rfc/rfc2616).
Can anyone suggest the proper way to achieve this functionality?
Note: This is not meant to be an all-encompassing solution. We understand that some clients don't even send the HTTP_REFERER header for privacy reasons, but for the sake of argument, let's ignore that use case.
First, This should be a 301, not a 302 redirect. Your redirection is permanent, so you want to indicate that. As to how to indicate the redirect, just add a parm to the url. Instead of redirecting to http://www.newsite.com redirect them to http://www.newsite.com?FromOldSite=Y
Could you just redirect them to a specific launch page? Like if try try to visit http://oldsite.com/desired/page, just send them to http://newsite.com/welcome?nextpage=/desired/page. The welcome page could show the message and then pass them over to the content. Alternatively, you could send them right to the new page with a ?show_welcome=true in the URL.
Not sure how you plan to redirect your users, but if you don't want to "ugly" up your URL, you might just set your own custom header when hitting the old site and then check for it at the new.