防止浏览器中的后退按钮单击
[英]Preventing back button clicks in browser
问题描述
I understand that this question is asked over and over again, but I want a way to handle back button clicks on the server side (like banking applications). 
我知道这个问题一遍又一遍地问,但是我想要一种处理服务器端后退按钮单击的方法(例如银行应用程序)。
When the user clicks on the back button, the page should be invalid and the user should be asked to start all over again. 当用户单击“后退”按钮时,页面应该无效,并且应要求用户重新开始。
Can you direct me to some tutorials on this? 您能指导我一些有关此的教程吗?
5 个解决方案
解决方案1
1 2011-07-28 10:32:55
The simplest way I've seen this solved is as follows. 我所见到的最简单的解决方法如下。
Every page is served up with a unique ID/token. 每个页面都有唯一的ID /令牌。 That unique ID is always submitted when submitting any forms, and tracked on the server as being "used". 该唯一ID始终在提交任何表单时提交,并在服务器上被跟踪为“已使用”。
If the user ever clicks "back" and re-submits the same form, the server checks the unique ID... notices that it is a duplicate and then ignores the submission. 如果用户单击“后退”并重新提交相同的表单,则服务器将检查唯一ID ...,注意它是重复的,然后忽略提交。
Note this won't physically stop a user from going "back", but if the last action was "transfer $1,000,000 dollars!" 请注意,这不会从物理上阻止用户“退回”,而是如果最后一个动作是“转移$ 1,000,000美元!” - the user won't accidentally transmit 2 million. -用户不会意外传输200万。
解决方案2
0 2011-07-28 10:30:04
- Make pages not cachable 使页面不可达
- track the user route server side, if she is visiting the visited page which she isn't supposed to revisit by back, in a session data may be. 跟踪用户路线服务器端,如果她正在访问不应该回头访问的访问页面,则会话数据可能是。
- check to see if she is requesting the visited resource then handle accordingly 检查她是否正在请求访问的资源,然后进行相应处理
- Filter is the best place to do 过滤器是最好的选择
解决方案3
0 2011-07-28 10:31:42
Instruct page to use no cache. 指示页面不使用缓存。 Add to the head element of the page 添加到页面的head元素
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
解决方案4
0 2011-07-28 10:32:28
There are two problems you need to solve here. 您需要在这里解决两个问题。
The first is how browsers typically handle the back button. 首先是浏览器通常如何处理后退按钮。 You should use a POST request to get to the page that the back button should not have access to. 您应该使用POST请求进入后退按钮无权访问的页面。 Most browsers will use a local cache for GET requests,, so if you do a GET, your server simply won't be accessed at all. 大多数浏览器都将本地缓存用于GET请求,因此,如果您执行GET,则根本不会访问您的服务器。 A POST request will however typically perform a new request. 但是,POST请求通常会执行一个新请求。 Many browsers will also warn the user, and show a dialog box saying ie "Are you sure you want to send the form again?". 许多浏览器还会警告用户,并显示一个对话框,显示“您确定要再次发送表单吗?”。 So by using a POST, you increase the likelihood that every page load of that page will perform a new request to your server. 因此,通过使用POST,您将增加该页面的每个页面加载将对服务器执行新请求的可能性。
You may also be able to use a GET request where your server returns HTTP headers that makes browsers not load the page from the cache. 您还可以在服务器返回HTTP标头的情况下使用GET请求,该标头使浏览器无法从缓存中加载页面。 Experiment with this. 尝试一下。
The second problem is to make sure you invalidate duplicate requests server side. 第二个问题是确保服务器端重复请求无效。 The first solution I can think of is to generate a token that you submit with the form and store in a database on every request. 我能想到的第一个解决方案是生成一个令牌,该令牌将与表单一起提交并在每次请求时存储在数据库中。 If a request is performed with a token that already is stored, you can invalidate the request. 如果使用已存储的令牌执行请求,则可以使该请求无效。 Perhaps there are better techniques, but I'll leave that as an exercise for the reader ;) 也许有更好的技术,但是我将其留给读者练习;)
解决方案5
0 2011-07-28 12:05:29
I also searched for this , and after all i found a little trick i think it may for your. 我也搜索了这个,毕竟我发现了一个小技巧,我认为这可能适合您。
- Every page your have an javaScript function that call to server with ajax to check whether this page is available at that time. 您的每个页面都有一个javaScript函数,该函数使用ajax调用服务器以检查当时该页面是否可用。
- In the server side you keep the availability (with the session). 在服务器端,您保留可用性(与会话一起使用)。
- If not redirect the page as you wish . 如果没有按照您的意愿重定向页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.