瀏覽器的後退按鈕使得我們能夠輕鬆地返回以前訪問過的頁面,它無疑非常有用。但有時候我們必須關閉這個功能,以 ("FirstTimeToPage")包含某個值),那麼我們就清除會話變數的值,然後把使用者重新導向到一個開始頁面。這樣,當表單
防止使用者打亂預定的頁面存取次序。本文介紹網路上可找到的各種停用瀏覽器後退按鈕方案,分析它們各自的優缺點和適
用場合。
一、概述
曾經有許多人問起,“怎樣才能'禁用'瀏覽器的後退按鈕?”,或者“怎樣才能防止用戶點擊後退按鈕返回以前和
覽過的頁面? 「在ASP論壇上,這個問題也是問得最多的問題之一。遺憾的是,答案非常簡單:我們無法停用瀏覽器的後退
按鈕。
起先我對居然有人想要停用瀏覽器的後退按鈕感到不可思議。後來,看到竟然有那麼多的人想要禁用這個後退按
鈕,我也就釋然(想要禁用的只有後退按鈕,不包括瀏覽器的前進按鈕)。因為在預設情況下,使用者提交表單之後可以通
過後退按鈕返回表單頁面(而不是使用「編輯」按鈕!),然後再次編輯並提交表單將新的記錄插入資料庫。這是我們不
願看到的。
因此我就決定要找出避免這種情況的方法。我造訪了許多網站,參考了這些網站所介紹的各種實作方法。如果你
經常造訪ASP程式設計網站,本文所介紹的部分內容你可能已經看過。本文的任務是把各種可能的方法都介紹給大家,然後找
出最好的方法!
二、禁止快取
在我找到的許多方案中,其中有一種建議禁止頁面快取。具體是使用伺服器端腳本,如下圖所示:
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
%>
這種方法非常有效!它強制瀏覽器重新訪問伺服器下載頁面,而不是從快取讀取頁面。使用這種方法時,程式設計者的主
要任務是建立一個會話層級的變量,透過這個變數確定使用者是否仍舊可以查看那個不適合透過後退按鈕訪問的頁面。由於瀏
覽器不再快取這個頁面,當使用者點擊後退按鈕時瀏覽器將重新下載該頁面,此時程式就可以檢查那個會話變量,看看是否
應該允許使用者開啟這個頁面。
例如,假設我們有以下表單:
Response.Buffer = True
Response.ExpiresAbsolute =ExNow()) .CacheControl = "no-cache" If Len(Session("FirstTimeToPage")) > 0 then
&single; 使用者已造訪目前頁面,現在是再次返回造訪。
&single; 清除會話變量,將使用者重新導向至登入頁面。
Session("FirstTimeToPage") = ""
Response.Redirect "/Bar.asp"
Response.End
End If
Response.End
End If
Response.End
End If
&ingles;目前頁面
&single; 以下開始建立表單
%>
提交時(此時SompePage.asp被開啟),我們必須賦予FirstTimeToPage一個值。即,在SomePage.asp中我們需要加上下面
的程式碼:
Session("FirstTimeToPage") = "NO"
這樣,已經開啟SomePage.asp的使用者如果點擊後退按鈕,瀏覽器將重新請求伺服器下載頁面,伺服器檢查到Session
("FirstTimeToPage")包含了一個值,於是就清除Session("FirstTimeToPage"),並把使用者重定向到其他頁面。當然,所有
這一切都需要使用者啟用了Cookie,否則會話變數將是無效的。(For more explanation of this problem, see For session variables
to work, must the Web visitor have cookies enabled?)
In addition, we can also use client-side code to prevent the browser from caching Web pages:
If you use the above method to force the browser to no longer cache For web pages, you must pay attention to the following points:
"Pragma: no-cache" only prevents the browser from caching the page when using a secure connection. For pages that are not protected by security, "Pragma: no-cache"
is treated the same as "Expires: -1". At this time, the browser still caches the page, but marks the page as expiring immediately.
In IE 4 or 5, the "Cache-Control" META HTTP-EQUIV tag will be ignored and will have no effect.
In practical applications we can add all these codes. However, since this method does not work in all browsers, it is not recommended. But
If it is an intranet environment and the administrator can control which browser the user uses, I think some people will still use this method.
3. Other methods
The method we are going to discuss next is centered on the back button itself, not the browser cache. Here is an article Rewiring the Back Button which is
worth referencing. However, I noticed that if this method is used, although the user will not see the page where he previously entered data when he clicks the back button, he only needs to click
twice. This is not the effect we want, because Many times, stubborn users are able to find ways to bypass preventive measures.
Another way to disable the back button is to use client-side JavaScript to open a window without a toolbar. This makes it difficult for the user to return to the previous page, but
not impossible. A safer, but rather annoying, method is to open a new window when the form is submitted and at the same time close the window where the form is located. But I feel
that this method is not worthy of serious consideration, because we can’t let users open a new window every time they submit a form.
So, can we also add JavaScript code to the page that we don’t want the user to return to? The JavaScript code added to this page can
be used to produce the effect of clicking the forward button, thus counteracting the action caused by the user clicking the back button. The JavaScript code used to implement this function is as follows
:
Again, although this method is effective, it is still far from the "best method". Later, I saw someone suggesting using location.replace to move from one
page to another. The principle of this method is to replace the current history record with the URL of the new page, so that there is only one page in the browsing history, and the
back button never becomes available. I think this is probably what many people are looking for, but it's still not the best approach in every situation. An example of using this
method is as follows: Disable links back to this page
Try this link:
Disable links back to this page!
The disadvantage of this approach is that simply using Response.Redirect will no longer work because every time the user goes from one page to another,
we have to clear location.history with client code . Also note that this method clears the last access history record, not all
access records.
Click the link above and you will open a simple HTML page. Click the back button again, and you can see that what is opened is not this page, but the page
before this page! (Of course, you must enable client-side JavaScript code in the browser.)
After some careful searching, I found that I still couldn’t find a way to completely disable the browser’s back button. All of the methods
described here can prevent users from returning to the previous page to varying degrees and in different ways, but they all have their own limitations. Since there is no way to completely disable the back button <script> <BR><!-- <BR>javascript:window.history.forward(1); <BR>//--> <BR></script>, the best solution is to use a mix of client-side and server-side scripts.