Discussions

General J2EE: I don’t want my pages to be shown in the history at all.

  1.  

    Dear All,

     

    I am using Java 5.0 for creating a web application. There is a security related implementation to be done. I have tried all my sources but all in drain. I would appeal to all experts who have handled security aspects in java or programmers who would want to give a helping hand to come forward.

     

    Desired output: any page loads in an internet browser is stored for future reference in the history section, which is mostly accessible using shortcut Ctrl+H. I don’t want my pages to be shown in the history at all.

     

    Eg:

     

    1. visit http://www.icicibank.com/
      1. In history it shows “Personal Banking | NRI Banking | Corporate and Business Banking | Rural Banking | ICICI Bank” and a link
    2. click on login to Personal banking on the top left corner.
      1. This will redirect to http://www.icicibank.com/safe-online-banking/safe-online-banking.html
      2. In history it shows “Travel Offer: ICICI Bank Online” and an image link to continue login
    3. Click on “Continue Login” Image button at the bottom mid section
      1. It redirects to https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N
    4. The page opens for entering credentials for personal banking login
      1. This page is not seen in the history at all
      2. After logging in not a single page will be seen in the history
      3. This is what I have to achieve

     

    Please help as our assignment is pending since long, we may end up losing the project. Any guidance would be highly appreciated.

     

     

    I have tried below solutions which didn’t give any success:

     

    Solution 1:  

       1. <%

       2. session.invalidate();

       3. response.setHeader("Cache-Control","no-cache");

       4. response.setHeader("Cache-Control","no-store");

       5. response.setDateHeader("Expires", 0);

       6. response.sendRedirect("home.jsp");

       7. %>

     

     

     

     

    Solution 2:

    <%

    Response.Cache.SetExpires(DateTime.Parse(DateTime.Now.ToString()))

    Response.Cache.SetCacheability(HttpCacheability.Private)

    Response.Cache.SetNoStore()

    Response.AppendHeader("Pragma", "no-cache")

    %>

     

     

     

    Solution 3:

    <body onload="history.forward()">

     

     

     

     

     

    Solution 4:

     

     

    <% response.setDateHeader("Last-Modified", System.currentTimeMillis());%>

     

     

     

     

     

     

     

     

    Thanks,

    Jaisingh Saini

     

  2. Handle it on server[ Go to top ]

    Hi,

    Your scenario can be handled on the server. If you study icicibank website, you will find that all pages from ICICI bank are stored in history. However, when you click on the link in the histroy, there is a sever call, where, since the request is from an invalid session, the server responds with a invalid sesiion page. Hope this clarifies.

    Cheers,

    Ashish