Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re^5: How do you do sessions in Web Sites

by osfameron (Hermit)
on Oct 03, 2005 at 08:03 UTC ( #496833=note: print w/replies, xml ) Need Help??

in reply to Re^4: How do you do sessions in Web Sites
in thread How do you do sessions in Web Sites

Yeah, the back button thing is a long-standing hate of mine. Opera manages to work around this by just caching the pages. When you go back, it opens the page from the cache. Perhaps in a small number of cases this is somehow wrong and you need to refresh (in which case, the 'Refresh' button usually does the trick) but 99% of the time, this just works, is useful, and lets you usefully look back at data in, for example, multipage sign up/purchase forms without having to continually repost.

It completely baffles me that the other major browsers don't do this.

  • Comment on Re^5: How do you do sessions in Web Sites

Replies are listed 'Best First'.
Re^6: How do you do sessions in Web Sites
by awwaiid (Friar) on Oct 16, 2005 at 17:03 UTC

    You can actually set up the caching headers such that most browsers (ie/firefox at least) will cache Everything. You can do this by adding the header "Cache-Control: cache". I think.

    One idea I had (and tested successfully) is to use always-cached pages along with some javascript to do fancy things. JS gets re-executed, but gets to keep some variables (so you can tell that you've already been viewed). You can also do those fancy xmlhttprequest thingies.

    So most of the time when you go back it just shows you the page. But you could also have your js ask the server if it is OK to re-display this particular page, and then display a message (or nuke the page through DOM or whatever) if its not OK. That way they can't mess with you much if the go back to a one-time page --- a "are you sure you want to delete X" page or "Are you sure you want to charge 1 million dollars to your credit card?"

    I give each page I display its own unique ID, so it would be easy to just keep a server-side list of which pages to "expire" or invalidate.

    As always, however, Javascript is helpful for useability and does nothing for security.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://496833]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2021-09-28 13:08 GMT
Find Nodes?
    Voting Booth?

    No recent polls found