Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to stop a browser storing a URL in its history?

Tags:

browser

When a user clicks to a page using a link on a previous page, is it possible for the target page to, on its own accord, remove its own URL from browser history (without significant modification of the page that actually has the link on it, unless, perhaps it were a simple HTML attribute or something)?

Obviously I should not be storing sensitive information in the URL, but there are some cases where I have to store some information in the URL, and, while it is not sensitive, it is still better for it to not be stored in history. (These URLs are completely not useful to the user if they were to show up in history.)

So is there a way for me, as a webapp developer, to keep these out of history, at least in some modern browsers? (Something such as HTTP headers, JavaScript or HTML, etc on the page that loaded as a result of the URL.)

(I'm not interested in techniques such as fetching pages with AJAX, iframes, etc, where the user does not actually navigate to said URL, but still manages to get content from it.)

like image 471
700 Software Avatar asked Jan 22 '13 19:01

700 Software


3 Answers

It looks like this is not possible.

The browser history will store the URL. The best that can be done is either to prevent the URL from going into the back/forward buttons, or use "techniques such as fetching pages with AJAX, iframes, etc, where the user does not actually navigate to said URL, but still manages to get content from it".

like image 58
700 Software Avatar answered Nov 13 '22 03:11

700 Software


Using javascript, you could use replace method of window.location :

window.location.replace(String url)

Check the documentation here for more details

like image 3
rayfranco Avatar answered Nov 13 '22 03:11

rayfranco


In some circumstances, sending a 302 Found response and redirecting to another page could work. If you need to hide query string parameters, you could set a session cookie with them on the initial, redirected response, then use them to serve the response on the real page. Just remember to clear the cookie when you serve the page.

But this is an entirely server-side way to do it, and while you can hide sensitive data, you'll still see some page on the domain in the history.

like image 1
David Ehrmann Avatar answered Nov 13 '22 04:11

David Ehrmann