PDA

View Full Version : Clearing Browser History using JavaScript



codeexploiter
10-04-2005, 06:06 AM
Hi Folks,

Is it possible for us to clear/erase the contents of the Client's Browser history?

Rather only one entry which is associated with my site?

I want to restrict the user going back to a particular page using the 'Back' button in the browser

Thanks in Advance

Code Exploiter

mwinter
10-04-2005, 12:40 PM
Is it possible for us to clear/erase the contents of the Client's Browser history?No.


Rather only one entry which is associated with my site?Still no.


I want to restrict the user going back to a particular page using the 'Back' button in the browserYou can't. Write whatever system it is that you're developing to cope with that eventuality.

Mike

Twey
10-04-2005, 04:54 PM
If you use window.location.replace("newpage.htm"), the user agent will be sent to newpage.htm, which will replace the current page in the browser's history. This is generally a bad idea, except for: Redirect pages that might cause the user to become "stuck";
Splash-type pages that contain no content the user might want to revisit.

mwinter
10-04-2005, 09:52 PM
If you use window.location.replace("newpage.htm"), the user agent will be sent to newpage.htm, which will replace the current page in the browser's history.Which introduces a scripting dependency. That should mean you provide a non-scripted fallback:


<a href="..." onclick="location.replace(this.href); return false;">...</a>However, this still means that some users can use the back button.

So, as I said, it needs to be accomodated server-side.

Mike

MayISuggest
11-27-2006, 10:51 AM
Hi,

A possible solution could be adding this simple script in the beginning of the page you don't want the user to goback to.

<script language="javascript" >
history.go(1); /* undo user navigation (ex: IE Back Button) */
</script>

djr33
11-27-2006, 11:09 AM
That wouldn't allow them to see the page ever.

As for the original question... no, you can't delete/change/etc files that are on the users' computers. Simple as that.

You could do a cookie/IP/session/etc tracking with server or client side programming, or try what twey suggested.

codeexploiter
11-27-2006, 11:49 AM
Yes actually this issue had resolved long time but I missed to post a message that it is resolved.

I am really sorry about it.

regards

Ges
11-27-2006, 07:06 PM
Hello all,

Firstley, interfering with ANY clients' computers is both unprofessional and insulting to say the least. As a web designer your top priority is to ensure the TOTAL SAFETY of ALL your visitors/guests. What rights do you have to attempt to do such things on anyones computer using a CLIENT SIDE script? Ever heard of trusted sites in your browser?

I agree with MWINTER in that he points out the problems associated with this sort of behaviour - which can only be described as 'internet hooliganism/vandalism'. Are'nt there enough hackers out there without adding to the list?

The professional/ethical way to restrict unwelcome visitors is to use a SERVER SIDE IP BANNING script - available in PHP from various sources. That way you can at least restrict access from a particular computer without interference with the clients equipment.

Internet security is of utmost importance to all of us but safety can be achieved without resorting to underhand methods. Try visiting;

http://www.astalavista.com/

and;

http://www.astalavista.net

These people are PAID to test internet systems - from communication to internet sites for banks etc. I have been a member for a number of years and find the articles very interesting. A lot can be learned from them.

I apologise if I sound a bit harsh but so is life and the truth often hurts.

Regards,
Ges.

codeexploiter
11-29-2006, 04:12 AM
What rights do you have to attempt to do such things on anyones computer using a CLIENT SIDE script? Ever heard of trusted sites in your browser?

As a web developer what right do you have to set a cookie in a clients machine without their permission?

Though cookies doesn't contain any malicious contents (as far as i knew) still it is wrong to set a cookie in a visitor's machine without their consent.

I am also sorry if i sound harsh.

I had already mentioned that I've got the answers already and my issue has already resolved.

djr33
11-29-2006, 06:25 AM
The point is valid, though.
cookies are designed to be used, and the user can block them if s/he desires.

However, deleting something they would expect control of, the history for example, is bad.

tech_support
11-29-2006, 06:43 AM
Wow.

Some things a web developer needs to know. It's not harming anyone, it's just fun. That's life.

codeexploiter
11-29-2006, 07:52 AM
cookies are designed to be used, and the user can block them if s/he desires

It doesn't mean that someone can write something into some others machine without their permission.

seriousphp
11-30-2006, 12:19 AM
Actually it is rather arrogant to respond in the manner many here have for 2 reasons. The first is that the original poster simply may have used the only frame of reference he had regarding his issue. For instance keeping the pages preceeding the logout out of the browser cache is a daunting task in ie6 for instance thus rendering a logout partly useless from someone clicking back. Second there are some of us out here who are actually doing web applications not meant for outsiders. In this case there are techniques that can go in play which might be deemed a foul in the general internet, as it were. The fact that some of the techniques used to safeguard data that does not belong to the user of the computer is a matter for the owner of the data and the machine don't you think?

The sad part of this is that many here seem to find no greater pleasure that to act as judge, jury and executioner basing all of this on their own sense of right and wrong. Funny how that is. I try to render aid or stay out of forums. I don't think many people post a question here in order to rec. the ire of a bunch of insecure folks looking to vent. Of course most of us out here were not born with the intimate knowledge of everything web like some here.

djr33
11-30-2006, 12:50 AM
codeexploiter, you have an option in your browser to block cookies. By not doing so, you are giving sites permission to put "something" on your computer.
It's a feature that is designed to be used like that.

I see no moral issue with deleting YOUR site from the history, but due to the way it works, that cannot be allowed unless you allow total access, which is a major invasion of privacy/control/etc.

The question would better be looked at as how to not allow your site to get into the history in the first place.

However, at the same time, you only have the right to allow access or not to your page, not control the user's browser to remember your page or not.

Anyway, the other suggestions in the thread solve the problem, like IP logging, etc.

seriousphp
11-30-2006, 03:01 AM
This may be useful for someone. It is more of a bandaid approach I have used a couple of places. Think of the concept as more of a strategy rather than a simple paste in solution. In a number of my client installations the logout is effective, but there are no mechanisms in place to fully disable the effects of browser caching particularly in IE6 which respects not tags and headers fully.

I drop a this in run from the onload event for simplicity. The objective for my clients is not total security, but rather merely keeping the curious visitor left alone briefly in the office from viewing the private info inside via clicking back.


function checkplace(){
var cName = 'admin=';
var cName2 = 'agent=';
if (document.cookie){
if((document.cookie.indexOf(cName) == -1) && (document.cookie.indexOf(cName) == -1) && (window.location.href.indexOf('?task=login') == -1)){
document.write('');
window.location.href='index.php?task=login';
}
}
else if(window.location.href.indexOf('?task=login') == -1){
document.write('');
window.location.href='index.php?task=login';
}
}

djr33
11-30-2006, 08:06 AM
Just disabling javascript goes right around that.

johnquil
12-05-2006, 01:19 PM
Hi Codeexploiter.
If I understand your question correctly, then yes, you can. The page you want the user to go back to needs to use FRAMESET to create two frames (if you don't want frames, set the unused one to a size of 0 - e.g. <FRAMESET ROWS="0,*">. To get back to this page at any point, use parent.location.reload() as the "onclick" event for a button etc.. The browser goes back in the history to this point (as if the user had repeatedly clicked the back button to get there). But, since it reloads a frame, the history from that point onwards is cleared. Tested with IE5. Netscape may need parent.location.reload(true).

More "bookmarks" can be added by making each another <FRAMESET...> To go back one bookmark, use as above. To go back 2 bookmarks use parent.parent.location.reload() etc.

This can not go back further than the first page from your site. Hope this is what you wanted.

johnquil
12-05-2006, 01:27 PM
Hi Codeexploiter.
If I understand your question correctly, then yes, you can. The page you want the user to go back to needs to use FRAMESET to create two frames (if you don't want frames, set the unused one to a size of 0 - e.g. <FRAMESET ROWS="0,*">. To get back to this page at any point, use parent.location.reload() as the "onclick" event for a button etc.. The browser goes back in the history to this point (as if the user had repeatedly clicked the back button to get there). But, since it reloads a frame, the history from that point onwards is cleared. Tested with IE5. Netscape may need parent.location.reload(true). Attached are some pages to illustrate this, start with the page called "frameset.htm".

More "bookmarks" can be added by making each another <FRAMESET...> To go back one bookmark, use as above. To go back 2 bookmarks use parent.parent.location.reload() etc.

This can not go back further than the first page from your site. Hope this is what you wanted.
johnQuil

Twey
12-05-2006, 07:10 PM
It doesn't mean that someone can write something into some others machine without their permission.Every page you view is downloaded to your computer first. By using the Web, you agree that other people can store files on your computer, because that's how the Web works.

seejee
02-05-2007, 11:35 PM
Dear friends,

First of all i apologies to say, you are not understand him requirement so don't discourage him. he don't want to delete user files, actually he just want to disable user browser back button function for some reasons.

DUDE:
this is posible only by logic. but your logic must be very powerful bcz as your requirement need to secure your data.

please clear me about your needs.

Best Wishes

djr33
02-06-2007, 03:56 AM
...no. It's not possible.

It isn't possible because it WOULD be an invasion of privacy. Maybe he's a great guy and everyone should allow him total access to their computers. However, this isn't the case with everyone and the browsers don't determine personality types of the website designers. As such, they don't allow for things that could be a security breach.

boxxertrumps
02-06-2007, 04:11 PM
Steps To A Secure Login Without Back Button:

1)Send login, store session with loggedon = 1 if successful.

2)Load pages through Ajax, in each page to load have it check weather or not session loggedon == 1. if true, send proper page, if not, send an error message.

there's only the original page in the history, and if the user hits back, he comes to the login page.

coolwebdeveloper
09-11-2011, 08:55 AM
Hi could you please tell us how the problem was resolved.We are facing exactly same issue. Our application has a requirement to prevent the users from viewing the pages visited by clicking back or using the dropdown near the back button after they are logged out. But when user is logged in, we have a requirement to maintain the cache as well.

Please suggest.This is urgent.

aarongray
09-14-2011, 10:40 PM
Hi,

I faced this same issue, and finally found some good solutions. I believe that disabling the back functionality is best accomplished using JavaScript and history.forward. You can find a nice tutorial here (http://viralpatel.net/blogs/2009/11/disable-back-button-browser-javascript.html).

If this doesn't do what you need, three more techniques are illustrated here (http://www.htmlgoodies.com/tutorials/buttons/article.php/3478911/Disabling-the-Back-Button.htm).

Hope this helps! :-)