I am running Javascript with ASP accessing a SQL 7. What I need to do is make it so that when the user hits the back button, either it goes to a blank page or goes to some default page.

Something like PayPal does when you are making a payment and it says that the page has expired when you hit the back button.

Thanks in advance for any help with this problem.

Will Summers

I can't believe that no one has an answer to this post. Or is it just something so simple that no one is wasting their time to answer?

Javascript Newbie
Will Summers

I believe you can use the meta tag "expires" to set the expiration date of your page, so you should be able to do this:


<script type="text/javascript">
var NowDate = new Date();
document.write('<META name="Expires" content="' + NowDate.toGMTString() + '">');
</script>


I'm not certain if this works though. Good luck!

Adam

Thanks. I'll try that.

Originally posted by AdamGundry
I believe you can use the meta tag "expires" to set the expiration date of your page, so you should be able to do this:


<script type="text/javascript">
var NowDate = new Date();
document.write('<META name="Expires" content="' + NowDate.toGMTString() + '">');
</script>


I'm not certain if this works though. Good luck!

Adam
As a part of the behind the scenes communication that goes on between browsers and servers, each web resource has an HTTP response header that is generated by the server. The header for http://www.w3.org/ looks like:

HTTP/1.1 200 OK
Date: Thu, 12 Dec 2002 20:32:33 GMT
Server: Apache/1.3.26 (Unix) PHP/3.0.18
Content-Location: Overview.html
Vary: negotiate,accept
TCN: choice
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Cache-Control: max-age=600
Expires: Thu, 12 Dec 2002 20:42:33 GMT
Last-Modified: Tue, 10 Dec 2002 15:12:28 GMT
ETag: "3df6045c;3df4a48d"
Accept-Ranges: bytes
~~~~~~~~~~~~~~: ~~~~~
Connection: close
Content-Type: text/html; charset=utf-8

You need to change the expiration date in the header. I'm completely ignorant of the mysteries of ASP, but it must have a way to adjust the response header. On method that some servers support is the META element with an HTTP-EQUIV attribute. The idea is that those servers pre-process the HTML file and add or change any header fields as specified in the element. Hence:

<meta http-equiv="Expires" content="0">

An illegal date value is taken to be 1 January 1970 which is plenty 'ago' enough to convince the browser that the page has expired. Now some browsers recognize some of the META HTTP-EQUIV elements as HTTP headers, but you are always much better off manipulating the responce header directly.

If I insert this line, it makes the page expire immediately.

<META HTTP-EQUIV="Expires" content="-1">

Here is the equivalent line in ASP

Repsonse.Expires=-1;

This works, but all it doesn't clear any history. It just makes the data refresh for the previous page. when the back button is hit. It helps my situation, but doesn't solve it.

What I need is either to have the Back button disable or clear the history some way. So that the user can only see the current page, no be able to go back.

Thanks for the replies.

You cannot disable the 'Back' button, at least not with javascript. I think you can do it with a signed ActiveX control, but I'm not certain, I don't write ActiveX controls. The reason for this has to do with user security. I wouldn't want someone to take control of my browser!

You definitely cannot delete or manipulate someone's history. All you can do is look at it. This is also due to security concerns.

However, you can control whether or not a history entry is created under certain circumstances. The window.open() method has an optional 'replace' argument that allows one to determine whether or not a history entry is created. You might be able to make use of this fact.

I'll go out on a limb and propose something without even testing it. Start by opening a frameset (either with a standard HTML link or with the window.open() method.) Lets say the frameset is mydoc1.html and has only a single frame. The default page it loads might be mydoc2.html. Once loaded, the user has no idea this is actually a frame, it looks just like a non-framed page. Within mydoc2.html is your content. This content would include whatever link begins your process. This link would be written using the javascript window.open() method, not an HTML href, to control what documents are loaded by the user from that point. Set the 'replace' argument to true. (ie: parent.frame[0].open('newdoc.html','winname','featureset','true'). ) This will allow you to control what history entries are created. Since the 'replace' argument is set to true, a history entry will NOT be created. Once the user begins browsing, the use of the 'Back' button should take the user back to the original (default) page of the single frame frameset, or to the page prior to that, I'm not sure which, you'll have to test it to find out which. In any case, the 'Back' button should not take the user to the page immediately prior. If it does go back to the original (mydoc2.html) document, that can be detected and you can use the document.write() method to make this default page dynamic and provide the user a set of instructions.

Couple this with the expiry dates you've been playing with, it seems to me you should be able to achieve what you want.

However, there is no way for you to prevent the user from using the back button to 'back out' of your site all the way to the start of the user's session. The exception is to do everyting from a popup window where you have control over how history entries are written.

BTW, Paypal and similar sites are served via a secure server. I've never worked with a secure server, but what you described may be a function of that server, not of imbedded javascript (or whatever). Although I never use the 'Back' button when inside a secure site, I seem to remember that even though an expiry notice may appear, it also states that clicking on 'Refresh' will resubmit your original data and bring you 'Back' to the previous page.

RKM

Hey all... I am encountering the same issue. Does anyone have a detailed demo on how to make this all work? I have an on-line test aplication and I do not want one to press the back button and resubmit the answer...

I'd like to do what payPal does and Ticketmaster does and BofA does. When someone presses the back button, the presious page says "cannot display page" or some such message...forcing the person to move forward and not back.

What you're seeing on PayPal is the result of programmed server-side activity. As rkmarcks said you can in no way effect the history or the back button. Being able to do that would cause a browser to be subject to all sorts of mischief. What you can do is control how your site reacts to somebody navigating back over the pages they've come from by serving a notice that they can only go forward when they try to go back instead of serving the usual page (off-hand I don't know that a server sees a browser's "back" request as being any different than a regular request--I'm pretty sure it doesn't). That would of course involve keeping track of the pages they've already completed. It's pretty simple, really, once you come to grips with the fact that server-side is the only way you want to do this.

The only way of controlling whether someone can go back or not is by establishing a session first. You then pass a session variable between pages tracking which page they are on and redirecting if they try to access a page out of sequence. Without a session and server side testing of the session in all the pages each page will be completely separate with no way of telling how someone got there.