struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Galbreath" <mark_galbre...@qat.com>
Subject RE: The Back button on on multi-page forms ??????
Date Wed, 12 Mar 2003 02:20:29 GMT
Ah, come on, guys!  This subject has been hashed out ad nauseum both on this
list and servlet-interest over the past 2 years.  Send them to the archives!

Mark

-----Original Message-----
From: Andrew Hill [mailto:andrew.david.hill@gridnode.com] 
Sent: Tuesday, March 11, 2003 9:20 PM
To: Struts Users Mailing List
Subject: RE: The Back button on on multi-page forms ??????


I remember an online banking app I used a few years back would open in a
chromeless window with headers stating "do not click back or stop"!...
(scary)

-----Original Message-----
From: apachep2 [mailto:apachep2@hotmail.com]
Sent: Tuesday, 11 March 2003 23:15
To: 'Struts Users Mailing List'
Subject: RE: The Back button on on multi-page forms ??????


Does IRS give me a chance hitting Back, re-filing last year's tax form and
re-submitting it? :)

-----Original Message-----
From: Bueno Carlos M [mailto:Carlos.M.Bueno@irs.gov]
Sent: March 10, 2003 10:27 PM
To: 'Struts Users Mailing List'
Subject: RE: The Back button on on multi-page forms ??????

I may be way off here, but how about coding defensively? This isn't some
special java-struts problem; it's the price of maintaining the illusion of a
session over HTTP.

Form tokens are a good idea but the user can and will click that pesky back
button to change what they inputted. One of two things will happen: the
browser calls up the form from cache and fills in the values or it makes a
new HTTP request, which will give them a blank form. Since they have already
submitted once, you have that data somewhere. So.... populate the dang form
if the data exists. Simple? Simple.

It doesn't have to be complicated. A properly-built state machine (ie, your
session or action code) should ignore input that can corrupt its internals.
Check the state you are about to change -- if it's already changed, go to
the next step, merge it or whatever is the Right Thing To Do. If you app is
so fragile that someone clicking ye olde back button will mess things up you
should look for ways to improve and simplify your design, not some clever
client hack.

My reasoning is this: as soon as you plug one hole another will open up. Say
you disable the back button. What happens if the user clicks submit twice?
What happens if they press CTRL-N and now have two windows with the same
session?

1. Users will always do what you don't expect.

2. The average user is pretty dumb.

3. Half of all users are even dumber than *that*.

4. Browsers work for them, not for you.

 -- los

-----Original Message-----
From: Andrew Hill [mailto:andrew.david.hill@gridnode.com]
Sent: Monday, March 10, 2003 9:39 PM
To: Struts Users Mailing List
Subject: RE: The Back button on on multi-page forms ??????


<snip>
Remember that the back button does not contact the server </snip>

Some do sometimes - but Im not sure under what cicumstances - probably
depends on what sort of caching setting you have set up in your browser
-
and what browser it is - and the alignment of neptune and saturn etc..
(ie:
nothing you can rely on server side). Ive seen it happen.

At the moment Im using the evil javascript location.replace trick to avoid
pages going into the history where possible. People who hit the back button
end up back on the login page...

I really wanted to give them an electric shock to help the "back is bad"
concept sink in properly, but alas! - the hardware isnt in place to
administer this form of 'interactive user training' :-(

-----Original Message-----
From: David Graham [mailto:dgraham1980@hotmail.com]
Sent: Tuesday, 11 March 2003 06:17
To: struts-user@jakarta.apache.org
Subject: RE: The Back button on on multi-page forms ??????


Then that is a browser specific issue.  When I hit the back button in Opera,
all of the form fields are just how I entered them.  Remember that the back
button does not contact the server so Struts has nothing to do with this.

David



>From: "Ron Day" <ronday@ronday.cc>
>Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>Subject: RE: The Back button on on multi-page forms ??????
>Date: Mon, 10 Mar 2003 16:08:10 -0600
>
>sorry, I think we are going in circles.....
>
>This is a multipage form (3 to be exact but with only one actionform),
BUT
>my whole original issue was:
>
>When they hit the back button the original form content IS either
absent or
>different to their last entries (I do a reset in the actionform0.
>
>Am I doing something wrong or is this a fact of life with the back
button.
>
>ron
>
>-----Original Message-----
>From: David Graham [mailto:dgraham1980@hotmail.com]
>Sent: Monday, March 10, 2003 3:49 PM
>To: struts-user@jakarta.apache.org
>Subject: RE: The Back button on on multi-page forms ??????
>
>
>If this is a multi-page form, then don't use tokens and let them use
the
>back button to correct the data.  If it's a single page form, use
tokens
>and
>provide an update form where they can correct any mistakes they made on
the
>add form.  The difference is that the multi-page form will be
accumulating
>data in the session rather than immediately inserting it in the
database.
>
>David
>
>
>
> >From: "Ron Day" <ronday@ronday.cc>
> >Reply-To: "Struts Users Mailing List"
<struts-user@jakarta.apache.org>
> >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> >Subject: RE: The Back button on on multi-page forms ??????
> >Date: Mon, 10 Mar 2003 15:36:25 -0600
> >
> >I completely understand your example and how validation works.....
> >
> >In my example, the error is not a validation error, it is a user
error
>(as
> >my example said a wrong phone number)
> >Say he/she typed in a home phone number and wants to go back and
change
>it
> >to his work phone.
> >The user instinctively will hit the back button.
> >That's where my problem starts..........
> >
> >ron
> >
> >-----Original Message-----
> >From: David Graham [mailto:dgraham1980@hotmail.com]
> >Sent: Monday, March 10, 2003 3:27 PM
> >To: struts-user@jakarta.apache.org
> >Subject: RE: The Back button on on multi-page forms ??????
> >
> >
> >1. User submits form with invalid data.
> >2. Form bean's validate() method returns ActionErrors
> >3. Struts *forwards* the request back to the input page with errors 
> >4. Input page displays errors. 5. User submits form again, if invalid 
> >goto step 1.
> >
> >There is no valid reason for the user to use the back button to
correct
> >data.  Tokens prevent the user from submitting the same form twice.
> >
> >David
> >
> >
> >
> > >From: "Ron Day" <ronday@ronday.cc>
> > >Reply-To: "Struts Users Mailing List"
<struts-user@jakarta.apache.org>
> > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > >Subject: RE: The Back button on on multi-page forms ??????
> > >Date: Mon, 10 Mar 2003 15:07:40 -0600
> > >
> > >So, how can they correct a user error (i.e wrong phone number) on
the
> > >previous page, and resubmit the form?
> > >
> > >R
> > >
> > >-----Original Message-----
> > >From: David Graham [mailto:dgraham1980@hotmail.com]
> > >Sent: Monday, March 10, 2003 3:01 PM
> > >To: struts-user@jakarta.apache.org
> > >Subject: RE: The Back button on on multi-page forms ??????
> > >
> > >
> > >Pressing the back button does not contact the server and thus
cannot
>post
> > >any information.  When the user submits the form again, their token
>will
> >be
> > >invalid and your action will prevent a duplicate post.
> > >
> > >David
> > >
> > >
> > >
> > > >From: "Ron Day" <ronday@ronday.cc>
> > > >Reply-To: "Struts Users Mailing List"
><struts-user@jakarta.apache.org>
> > > >To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> > > >Subject: RE: The Back button on on multi-page forms ??????
> > > >Date: Mon, 10 Mar 2003 14:40:43 -0600
> > > >
> > > >Maybe I'm dumb, but it is not apparent to me how the "token" is
used
>to
> > > >make
> > > >the back button post the correct form information.
> > > >
> > > >R
> > > >
> > > >-----Original Message-----
> > > >From: David Graham [mailto:dgraham1980@hotmail.com]
> > > >Sent: Monday, March 10, 2003 12:48 PM
> > > >To: struts-user@jakarta.apache.org
> > > >Subject: RE: The Back button on on multi-page forms ??????
> > > >
> > > >
> > > >You'll notice that I also pointed you to the struts-example app
that
> > >shows
> > > >you how to use the methods you found in the javadoc.
> > > >
> > > >David
> > > >
> > > >
> > > >
> > > > >From: "Ron Day" <ronday@ronday.cc>
> > > > >Reply-To: "Struts Users Mailing List"
> ><struts-user@jakarta.apache.org>
> > > > >To: "Struts Users Mailing List"
<struts-user@jakarta.apache.org>
> > > > >Subject: RE: The Back button on on multi-page forms ??????
> > > > >Date: Mon, 10 Mar 2003 12:39:51 -0600
> > > > >
> > > > >Khalid
> > > > >
> > > > >I will share anything I find.
> > > > >
> > > > >Have not got too much help so far.....
> > > > >
> > > > >I am digging into the "tokens"
> > > > >
> > > > >Javadoc does not say much !!
> > > > >
> > > > >Ron
> > > > >
> > > > >-----Original Message-----
> > > > >From: Khalid K. [mailto:groups@maikada.com]
> > > > >Sent: Monday, March 10, 2003 12:25 PM
> > > > >To: ronday@ronday.cc
> > > > >Subject: Re: The Back button on on multi-page forms ??????
> > > > >
> > > > >
> > > > >Hello Ron,
> > > > >
> > > > >We have an application that has the same problem. if you got
the
> >"back"
> > > > >button issue resloved, could you please share the code sample
??
> > > > >I checked the java doc, and it looks like "isValidToken" is in
1.1,
> >and
> > > >not
> > > > >in 1.0.2.
> > > > >
> > > > >Thanks!
> > > > >
> > > > >Khalid
> > > > >
> > > > >----- Original Message -----
> > > > >From: "Ron Day" <ronday@ronday.cc>
> > > > >To: "Struts Users Mailing List"
<struts-user@jakarta.apache.org>
> > > > >Sent: Monday, March 10, 2003 10:14 AM
> > > > >Subject: RE: The Back button on on multi-page forms
> > > > >
> > > > >
> > > > > > I get the picture....thanks anyway.
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: David Graham [mailto:dgraham1980@hotmail.com]
> > > > > > Sent: Monday, March 10, 2003 12:04 PM
> > > > > > To: struts-user@jakarta.apache.org
> > > > > > Subject: RE: The Back button on on multi-page forms
> > > > > >
> > > > > >
> > > > > > See the Action class' javadoc for details.
> > > > > >
> > > > > > David
> > > > > >
> > > > > >
> > > > > >
> > > > > > >From: "Ron Day" <ronday@ronday.cc>
> > > > > > >Reply-To: "Struts Users Mailing List"
> > > ><struts-user@jakarta.apache.org>
> > > > > > >To: "Struts Users Mailing List"
><struts-user@jakarta.apache.org>
> > > > > > >Subject: RE: The Back button on on multi-page forms
> > > > > > >Date: Mon, 10 Mar 2003 11:54:32 -0600
> > > > > > >
> > > > > > >Thanks for the tip on tokens....
> > > > > > >
> > > > > > >I'm not familiar (yet) with tokens.
> > > > > > >Are these new in 1.1 or have they always been there.....
I
have
> >to
> > > >use
> > > > > > >Struts 1.0.
> > > > > > >
> > > > > > >Ron
> > > > > > >
> > > > > > >-----Original Message-----
> > > > > > >From: David Graham [mailto:dgraham1980@hotmail.com]
> > > > > > >Sent: Monday, March 10, 2003 10:24 AM
> > > > > > >To: struts-user@jakarta.apache.org
> > > > > > >Subject: Re: The Back button on on multi-page forms
> > > > > > >
> > > > > > >
> > > > > > >See the Action class' javadoc for the token methods and
the
> > > > >struts-example
> > > > > > >app for how to use them.
> > > > > > >
> > > > > > >David
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > >From: "Ron Day" <ronday@ronday.cc>
> > > > > > > >Reply-To: "Struts Users Mailing List"
> > > > ><struts-user@jakarta.apache.org>
> > > > > > > >To: "Struts Users Mailing List"
> ><struts-user@jakarta.apache.org>
> > > > > > > >Subject: The Back button on  on multi-page forms
> > > > > > > >Date: Mon, 10 Mar 2003 10:05:16 -0600
> > > > > > > >
> > > > > > > >Anyone have any ideas or best practises on how to handle
the
> >use
> > > > > > >(mis-use)
> > > > > > > >of the browser back button on multi-page forms.
> > > > > > > >
> > > > > > > >My forms work fine and validate Ok, but if the back
button is
> > >used
> > > > >the
> > > > > > > >forms
> > > > > > > >are not re-populated properly. In particular anything
that
>was
> >in
> > > >the
> > > > > > > >reset,
> > > > > > > >seems to be used when the form appears after the back
button
>is
> > > >used.
> > > > > > > >
> > > > > > > >ron
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > >
> >---------------------------------------------------------------------
> > > > > > > >To unsubscribe, e-mail:
> > >struts-user-unsubscribe@jakarta.apache.org
> > > > > > > >For additional commands, e-mail:
> > > >struts-user-help@jakarta.apache.org
> > > > > > >
> > > > > > >
> > > > > >
> >_________________________________________________________________
> > > > > > >Add photos to your messages with MSN 8. Get 2 months FREE*.

> > > > > > >http://join.msn.com/?page=features/featuredemail
> > > > > > >
> > > > > > >
> > > > > >
> > >
>---------------------------------------------------------------------
> > > > > > >To unsubscribe, e-mail:
> >struts-user-unsubscribe@jakarta.apache.org
> > > > > > >For additional commands, e-mail:
> > >struts-user-help@jakarta.apache.org
> > > > > > >
> > > > > > >
> > > > > >
> > >
>---------------------------------------------------------------------
> > > > > > >To unsubscribe, e-mail:
> >struts-user-unsubscribe@jakarta.apache.org
> > > > > > >For additional commands, e-mail:
> > >struts-user-help@jakarta.apache.org
> > > > > >
> > > > > >
> > > > > >
>_________________________________________________________________
> > > > > > MSN 8 with e-mail virus protection service: 2 months FREE* 
> > > > > > http://join.msn.com/?page=features/virus
> > > > > >
> > > > > >
> > > > > >
> >
>---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
>struts-user-unsubscribe@jakarta.apache.org
> > > > > > For additional commands, e-mail:
> >struts-user-help@jakarta.apache.org
> > > > > >
> > > > > >
> > > > > >
> >
>---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
>struts-user-unsubscribe@jakarta.apache.org
> > > > > > For additional commands, e-mail:
> >struts-user-help@jakarta.apache.org
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> >---------------------------------------------------------------------
> > > > >To unsubscribe, e-mail:
struts-user-unsubscribe@jakarta.apache.org
> > > > >For additional commands, e-mail:
>struts-user-help@jakarta.apache.org
> > > >
> > > >
> > > >_________________________________________________________________
> > > >MSN 8 with e-mail virus protection service: 2 months FREE* 
> > > >http://join.msn.com/?page=features/virus
> > > >
> > > >
> > >
>---------------------------------------------------------------------
> > > >To unsubscribe, e-mail:
struts-user-unsubscribe@jakarta.apache.org
> > > >For additional commands, e-mail:
struts-user-help@jakarta.apache.org
> > > >
> > > >
> > >
>---------------------------------------------------------------------
> > > >To unsubscribe, e-mail:
struts-user-unsubscribe@jakarta.apache.org
> > > >For additional commands, e-mail:
struts-user-help@jakarta.apache.org
> > >
> > >
> > >_________________________________________________________________
> > >Protect your PC - get McAfee.com VirusScan Online 
> > >http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> > >
> > >
> >
>---------------------------------------------------------------------
> > >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail:
struts-user-help@jakarta.apache.org
> > >
> > >
> >
>---------------------------------------------------------------------
> > >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail:
struts-user-help@jakarta.apache.org
> >
> >
> >_________________________________________________________________
> >Help STOP SPAM with the new MSN 8 and get 2 months FREE* 
> >http://join.msn.com/?page=features/junkmail
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>_________________________________________________________________
>The new MSN 8: smart spam protection and 2 months FREE* 
>http://join.msn.com/?page=features/junkmail
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: struts-user-help@jakarta.apache.org


_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message