You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Raghuveer <ra...@infotechsw.com> on 2006/08/03 15:37:10 UTC
Browser History by HTTP-REFERER
In my Struts Web application
i need to restict the user accessing pages from Browser History.
When i access any page from Browser History i get
http-referer=null
So,
I am checking this by below code on Server side in All my execute method in
Struts Action File .
if(request.getHeader("REFERER")==null){
throw new Exception("Invalid operation");
}
Is this Correct way of handling ?
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Browser History by HTTP-REFERER
Posted by Martin Gainty <mg...@hotmail.com>.
found this solution which expires the current page at
http://forum.java.sun.com/thread.jspa?threadID=641697
// Set to expire far in the past.
response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma", "no-cache");
Anyone else ??
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official
business of Sender. This transmission is of a confidential nature and Sender
does not endorse distribution to any party other than intended recipient.
Sender does not necessarily endorse content contained within this
transmission.
>
>Can you please specify in more broad terms, what are you trying to do
>(especially with the referrer code)? Are you trying to restrict user to
>access pages only after login or something like that?
>
>Thanks and Regards,
>Thomas Joseph
>
>Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 |
>India
>www.kottsoftware.com
>--------------------------------------------------------------------------------
>This email (including any attachments) is subject to copyright, the
>information in it is confidential, and it is legally privileged. Use of
>this email or of any information in it other than by the addressee is
>unauthorized and unlawful. If you are not the intended recipient of the
>mail, kindly intimate the author of the mail and delete the same.
>--------------------------------------------------------------------------------
>It doesn't matter how you were, but rather how you are that decides your
>future. A right attitude will get you to Success.
> ----- Original Message -----
> From: Raghuveer
>
>
> In my Struts Web application
> i need to restict the user accessing pages from Browser History.
> When i access any page from Browser History i get
> http-referer=null
>
> So,
> I am checking this by below code on Server side in All my execute method
>in
> Struts Action File .
> if(request.getHeader("REFERER")==null){
>
> throw new Exception("Invalid operation");
> }
>
> Is this Correct way of handling ?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Browser History by HTTP-REFERER
Posted by Thomas Joseph <th...@kottsoftware.com>.
Try this:
1. Include a common JSP page (say like the company logo) in every other JSP page (using tiles is perfect) that will check for a user object (say username or user credential or something else) in session that is created only on Login.
2. If the object is not found, redirect to the login page.
There can be more streamlined versions of the same logic.
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 | India
www.kottsoftware.com
--------------------------------------------------------------------------------
This email (including any attachments) is subject to copyright, the information in it is confidential, and it is legally privileged. Use of this email or of any information in it other than by the addressee is unauthorized and unlawful. If you are not the intended recipient of the mail, kindly intimate the author of the mail and delete the same.
--------------------------------------------------------------------------------
It doesn't matter how you were, but rather how you are that decides your future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
To: 'Thomas Joseph'
Cc: user@struts.apache.org
Sent: Monday, August 07, 2006 10:54 AM
Subject: RE: Browser History by HTTP-REFERER
Yes ,I am trying to restrict users only after login.
Like banking applications
-----Original Message-----
From: Thomas Joseph [mailto:thomas.joseph@kottsoftware.com]
Sent: Saturday, August 05, 2006 9:53 AM
To: Struts Users Mailing List; raghuveerv@infotechsw.com
Subject: Re: Browser History by HTTP-REFERER
Can you please specify in more broad terms, what are you trying to do
(especially with the referrer code)? Are you trying to restrict user to
access pages only after login or something like that?
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 |
India
www.kottsoftware.com
----------------------------------------------------------------------------
--
This email (including any attachments) is subject to copyright, the
information in it is confidential, and it is legally privileged. Use of this
email or of any information in it other than by the addressee is
unauthorized and unlawful. If you are not the intended recipient of the
mail, kindly intimate the author of the mail and delete the same.
----------------------------------------------------------------------------
--
It doesn't matter how you were, but rather how you are that decides your
future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
In my Struts Web application
i need to restict the user accessing pages from Browser History.
When i access any page from Browser History i get
http-referer=null
So,
I am checking this by below code on Server side in All my execute method
in
Struts Action File .
if(request.getHeader("REFERER")==null){
throw new Exception("Invalid operation");
}
Is this Correct way of handling ?
RE: Browser History by HTTP-REFERER
Posted by Raghuveer <ra...@infotechsw.com>.
Yes ,I am trying to restrict users only after login.
Like banking applications
-----Original Message-----
From: Thomas Joseph [mailto:thomas.joseph@kottsoftware.com]
Sent: Saturday, August 05, 2006 9:53 AM
To: Struts Users Mailing List; raghuveerv@infotechsw.com
Subject: Re: Browser History by HTTP-REFERER
Can you please specify in more broad terms, what are you trying to do
(especially with the referrer code)? Are you trying to restrict user to
access pages only after login or something like that?
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 |
India
www.kottsoftware.com
----------------------------------------------------------------------------
--
This email (including any attachments) is subject to copyright, the
information in it is confidential, and it is legally privileged. Use of this
email or of any information in it other than by the addressee is
unauthorized and unlawful. If you are not the intended recipient of the
mail, kindly intimate the author of the mail and delete the same.
----------------------------------------------------------------------------
--
It doesn't matter how you were, but rather how you are that decides your
future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
In my Struts Web application
i need to restict the user accessing pages from Browser History.
When i access any page from Browser History i get
http-referer=null
So,
I am checking this by below code on Server side in All my execute method
in
Struts Action File .
if(request.getHeader("REFERER")==null){
throw new Exception("Invalid operation");
}
Is this Correct way of handling ?
Re: Browser History by HTTP-REFERER
Posted by Thomas Joseph <th...@kottsoftware.com>.
Can you please specify in more broad terms, what are you trying to do (especially with the referrer code)? Are you trying to restrict user to access pages only after login or something like that?
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 | India
www.kottsoftware.com
--------------------------------------------------------------------------------
This email (including any attachments) is subject to copyright, the information in it is confidential, and it is legally privileged. Use of this email or of any information in it other than by the addressee is unauthorized and unlawful. If you are not the intended recipient of the mail, kindly intimate the author of the mail and delete the same.
--------------------------------------------------------------------------------
It doesn't matter how you were, but rather how you are that decides your future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
In my Struts Web application
i need to restict the user accessing pages from Browser History.
When i access any page from Browser History i get
http-referer=null
So,
I am checking this by below code on Server side in All my execute method in
Struts Action File .
if(request.getHeader("REFERER")==null){
throw new Exception("Invalid operation");
}
Is this Correct way of handling ?