Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I force a user to be logged out when they try to navigate using browser's navigation buttons?

Tags:

java

jsp

Project Context

Client requires that the users of the site (when logged in and are able to view their personal information) be forced to be logged out if they try to navigate using the browser's navigation buttons.

My Research

Searching around on SO seems to indicate that most of the problems people have is to "stop" people from hitting the browser's back button when they're logged out, like this and this. The difference is that I need to "stop" the users from navigating backwards in history (and even forward as well, though I don't see how the users can go forward in history if they can't go back in the first place) even when they are logged in, making it compulsory that they use the provided navigation.

The Solution I Have In Mind

I'm thinking of capturing the browser's event when a user hits the back button and logging them out then. However, as discussed here it seems like you can only "do it" using Javascript and not using server-side code. My qualm with this approach is that users can bypass it merely by disabling Javascript on their browsers.

My Question

So my question is - Is there a way I can capture the browser event on the server-side and log them out there? If not, what are the alternatives to achieving my objective?

like image 944
jon2512chua Avatar asked Jan 14 '23 10:01

jon2512chua

2 Answers

I'd say that your best option is tracking the session.

You make the client send you the timestamp of when the request was processed by your server, or even simpler: a user dependent counter (which you send each time to the client), and server-side keep track of the last timestamp/counter sent.

If the user clicks the back button, he will send you an old timestamp/counter instead of the last current one, and you can then log him out server side.

This should do the trick.

In order to make sure the trick is done and making it javascript independent, I'd say you could place this value in a hidden parameter, or maybe as a hidden field form, so the user doesn't see it but it always gets sent to your server.

I hope this helps!

like image 143
Daren Avatar answered Feb 04 '23 16:02

Daren

What I did was to create a single page, 1 html document, then use AJAX to navigate the whole site. When a user hits the back button it takes you to the index page, which is the log in page. To log in I use AJAX which I do redirect on the server side only. The only problem is when a user hits the forward button but the good thing is no JS no navigation.

like image 23
zeddarn Avatar answered Feb 04 '23 15:02

zeddarn
Sign in to Comment

Related questions

java erasures of derived generic type
Regarding polymorphic bevaviour
(de)compress base64 string
Get Position in Original String from `StringTokenizer`
How to supply sudo with root password from Java?
Live Stream video using Android with pure java
Using a builder to build "partially" mutable objects?
How to increase the width of the Eclipse editor?
Izpack installer - Change window title and footer
Getting question marks when inserting Hebrew characters into a MySQL table
Converting date to milliseconds is giving inconsistent results in Android (java)
How to layout a rotated node correctly within a container?
Float returning exponential notation
void is an invalid type for this variable
how to set some database values to application scope at startup in struts2?
JAXB XML unmarshalling only sees the root element
Sorting alphanumeric strings java
Can I use Jenkins to test to see if a VM(server) is up and running?
Java - How to change a 'local?' variable within an event listener
Arbitrary array length in java

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!