Disable browser back button for a CLIENT_CERT auth webapp

Question

My webapp has a CLIENT_CERT based JAAS authentication. I am using IE7.

When I click on logout, it takes me to my home page. Now clicking on the back button, the user should remain on the same page, which I acheived using history.forward() javascript. But the certificate dialog comes up since the previous page was secured.

How can I avoid the certificate dialog from not coming and also remain on the non-secure home page when user clicks on back button after logging out.

Answer 1

The only way to disable the back button within a window is to use location.replace() for every single interaction, which you cannot do if you need to submit any forms unless you target them to a hidden iframe and then do a location.replace() in reaction to the iframe's onload event once the form is submitted. This is really nasty and complicates everything.

The other technique to avoid users going back through pages (some online banking sites do it this way) is to launch the secure section in a new window, and have logout close it (you can force a close in IE with window.opener = null; before window.close();.