A Thorough Examination of "Disabling the Back Button."By Akhilesh Reddy
I have had a lot of people ask, "How to I ‘disable’ the back button?" or, "How do I prevent a user from clicking the back button and going back to the previous screen?" In fact, this is one of the most commonly asked questions on the ASPMessageboard and, sadly, the answer is quite simple: You CANNOT disable the back button of the browser.
Initially I could not figure why anyone would want or need to do that. Then it struck me as to why so many people would want to disable the back button. (Not the forward button mind you only the back button.) When a user submits an application and then goes back "using the back button" to make a change instead of clicking on "Edit," a new record will be inserted – we don’t want that, now do we? Again if the user finished a page and then went back to that page and continued to make changes and saved them we would not want that either.
So I decided to figure a way or ways to prevent this scenario. I started doing a bit of research all over the Net going into various sites so basically this article will have a lot of stuff you might have already read if you looked on the Net. I am just trying to put it all in one place and find the "best" way of doing it!
One of the many suggestions I got was to prevent the page from being cached. This can be done with server-side script:
This method works great! It forces the browser to go to the server to get the page instead of from its cache. What you will want to do is create a Session-level variable that determines whether or not a user can still "view" the page that you do not want to let the user navigate back to. Since the page is not being cached on the browser, the page will be reloaded when the user hits the back button, and you can check for that session-level variable to see if the user can view this page or not.
For example, we could create a form like so:
Note that we are using a Session variable (
FirstTimeToPage) to check to see if this is the
users first visit to this particular page. If it isn't (that is, if
contains any value), then we clear out the session variable and redirect the user back to some starting
page. Now, when the form is submitted (and
SomePage.asp is loaded), we must set the
FirstTimeToPage to some value. So... in
SomePage.asp we'd need
Then, if the user, on
SomePage.asp, hits the back button, the browser will requery the Web server,
Session("FirstTimeToPage") contains some value, clear
and redirect the user to some page. All of this hinges, of course, on the fact that the user has cookies
enabled, else session variables won't work! (For more information on this subject, be sure to check out
the FAQ: For session variables to work, must the Web
visitor have cookies enabled?)
You can also use client-side code to force the user's browser to not cache a Web page.
There are a couple things to keep in mind when using the above method to force a browser to not cache a Web page:
Pragma: no-cacheprevents caching only when used over a secure connection. A
Pragma: no-cacheMETA tag is treated identically to
Expires: -1if used in a non-secure page. The page will be cached but marked as immediately expired.
HTTP-EQUIVtags are ignored and have no effect in Internet Explorer versions 4 or 5.
You can use both in your code. I tried this but this was not the solution because it did not work in all the browsers so I guess if one had an intranet environment where there was some control in place then they could use this method.
|For More Information...|
|For more information on disabling caching, check out Phil Paxton's great article: Cache No More.|
In Part 2 we'll look at some other methods for "disabling the back button!"