Preventing back button clicks in browser

I understand that this question is asked over and over again, but I want a way to handle back button clicks on the server side (like banking applications).

When the user 开发者_StackOverflow社区clicks on the back button, the page should be invalid and the user should be asked to start all over again.

Can you direct me to some tutorials on this?

The simplest way I've seen this solved is as follows.

Every page is served up with a unique ID/token. That unique ID is always submitted when submitting any forms, and tracked on the server as being "used".

If the user ever clicks "back" and re-submits the same form, the server checks the unique ID... notices that it is a duplicate and then ignores the submission.

Note this won't physically stop a user from going "back", but if the last action was "transfer $1,000,000 dollars!" - the user won't accidentally transmit 2 million.

• Make pages not cachable
• track the user route server side, if she is visiting the visited page which she isn't supposed to revisit by back, in a session data may be.
• check to see if she is requesting the visited resource then handle accordingly
• Filter is the best place to do

Instruct page to use no cache. Add to the head element of the page

<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">

There are two problems you need to solve here.

The first is how browsers typically handle the back button. You should use a POST request to get to the page that the back button should not have access to. Most browsers will use a local cache for GET requests,, so if you do a GET, your server simply won't be accessed at all. A POST request will however typically perform a new request. Many browsers will also warn the user, and show a dialog box saying i.e. "Are you sure you want to send the form again?". So by using a POST, you increase the likelihood that every page load of that page will perform a new request to your server.

You may also be able to use a GET request where your server returns HTTP headers that makes browsers not load the page from the cache. Experiment with this.

The second problem is to make sure you invalidate duplicate requests server side. The first solution I can think of is to generate a token that you submit with the form and store in a database on every request. If a request is performed with a token that already is stored, you can invalidate the request. Perhaps there are better techniques, but I'll leave that as an exercise for the reader ;)

I also searched for this , and after all i found a little trick i think it may for your.

• Every page your have an javaScript function that call to server with ajax to check whether this page is available at that time.
• In the server side you keep the availability (with the session).
• If not redirect the page as you wish .