Back button and pages that require user to be logged in

[alex.kolaric]

Hi,

I have the following issue. Some pages are available only when the user is logged. So if user logs, go through some of those pages and then logs out, browser's back button is showing the pages which he browsed (even though it is not possible to go anywhere from those pages without logging again). My employer requires behavior where back button won't show pages viewed while the user was logged.

Is this possible using NetTalk 4? How about version 5?

thanks in advance,
Alex

[alex.kolaric]

Bruce, please help 

Any comment on this?

thanks,
Alex

[Bruce]

Hi Alex,

can you set up an example to duplicate the behaviour?
Also specify the browser you are using, different browsers behave differently.

cheers
Bruce

[alex.kolaric]

HI Bruce,

I don't have static IP where I can setup this example but I have the same behavior with example Nettalk app number 43 - Accounts. I use both IE7 and FF with version 4.30 of the templates. Here are the steps to reproduce:

1) Click on Login option in main menu
2) Login as Super/Super
3) Next I go to Browse -> Mailboxes and click on the change for any line
4) From editing for I logout and I'm back on the main page
5) When I hit back button in browser I'm back on the form page I was editing and I can see the data.

The thing I should implement in our solution is to show login page at this point and don't allow for some other user to see the data accessed by previous user if they hit back.

FF behaves correctly with this example but this is of no help to me since IE is not working and our project has to work on both IE and FF.

thanks,
Alex

[alex.kolaric]

Hi Bruce,

any luck with reproducing my problem? I need some info on it, even if it means moving to the newer Nettalk version at this point.

thanks
Alex

[Bruce]

Hi Alex,

The important thing to differentiate here is what is being done by the server, and what is being done by the browser.

The first thing to check is whether or not the page is being resent from the server, or whether the browser is retrieving it from some cache.

If you watch the log on the server side, you'll see that there's no re-request from the browser (IE7 in this case). If you use FF you'll see there is a request - FF is behaving quite well.

So how does the browser "know" what to do? Well there are a variety of cache settings which determine whether a page should be refreshed or not. Here's a typical header sent by NetTalk. (aside: tip: you can see what nettalk sends by running debugview on the server, and compiling your program with the project define NETSHOWSEND=>1 )

HTTP/1.0 200 OK
Date: Mon, 21 Dec 2009 10:19:01 GMT
Server: NetTalk-WebServer/4.41
Expires: Sun, 21 Dec 2008 10:19:01 GMT
Content-Type: text/html
Cache-Control: no-store, no-cache, must-revalidate, private,post-check=0, pre-check=0, max-age=0
Pragma: no-cache
Connection: close

The key items in the header are the Expires date (which you'll notice is earlier than the current date), the Cache-Control setting (which in this case is perhaps hinting to the browser not to cache it) and the Pragme, which is perhaps the most explicit of all.

Bu do you think IE cares? Well no, just like in many other cases IE does what IE wants to do.
But wait, all is not lost.
It turns out that changing the first line from
HTTP/1.0 200 OK
to HTTP/1.1 200 OK
seems to make it work better.

As it happens NetTalk 5 uses HTTP 1.1 by default. And you can, if you like, set your app to use HTTP 1.1 in NetTalk 4. (Although I don't know if there are any side effects in NT4 - I don't know of any - but I don't know for sure.)

In NetTalk 4, in the web server procedure, right-click source, and search for the SetDefaultHeaderDetails method. AFTER the parent call add
self._Wait()
self.HeaderDetails.HTTP = 'HTTP/1.1'
self._Release()

That should help you.

cheers
Bruce

[alex.kolaric]

Thanks for the info Bruce.

I will check it rightaway

best regards,
Alex

[alex.kolaric]

Hi Bruce,

just to let yu know that HTTP 1.1 made a difference. Now I always get information that web page has expired which is exactly what I need. Now I just have to see if it has some nice side effect

thanks for your help,
Alex