Possible Duplicate:
Disable browser's back button
How can I disable a browsers back button, in an asp.net mvc project. Can I use java script for this ? or is there any other ways to do this ?
Asked
Active
Viewed 2.2k times
2
-
6I hope not. I sure wouldn't want to use a site that tries to control my browser like that. You might be able to fake it using JavaScript... but I don't think you can control the buttons themselves like that. – FrustratedWithFormsDesigner Aug 31 '10 at 17:12
-
2Has the end user wronged you in some way that you want to damage their browser? If you want to avoid accidental navigation you could use the `onbeforeunload` event. – Nick T Aug 31 '10 at 17:14
-
1If you're trying to prevent accidental double-submits of forms, it's better handled at the server; this is not effective. – Piskvor left the building Aug 31 '10 at 17:17
-
...People might react with less hostility to this idea if you can give a clear reason that you'd want to do this (such as to prevent double-submits as Piskvor suggested). – FrustratedWithFormsDesigner Aug 31 '10 at 17:25
-
1In the future, try to ask how to solve a certain problem, not how to achieve a solution of which you think that it's the right solution, but which after all is absolutely not. – BalusC Aug 31 '10 at 17:29
5 Answers
4
A website should not try to cripple the browser, but instead should work inside the browser-page system of the web. There are good reason for not wanting the user to click back (re-POSTing data, especially financial transactions and the like), but rather than forcing them not to, your website should handle these gracefully. Using a good framework like .NET leaves you a lot of great options for keeping your site stateful even amid the stateless web. Write your code to fit the browser, don't make the browser fit your code (like the ridiculous no-right-click javascripts of yesteryear).
That said, thankfully there is no way to do this, and even if there were, it could always be disabled on the client side.
Chet
- 21,375
- 10
- 40
- 58
0
I would have to assume it is impossible. That would be a big security issue on most browsers. I don't even remember in IE4 when the most extreme things were allows, you being able to do it.
Anthony Greco
- 2,885
- 4
- 27
- 39
-
2I don't understand how it would be a "security" issue. A usability issue, yes. How can a website's security rely on a user having the ability to use the back button? – Matthew Aug 31 '10 at 17:25
-
1@Matthew: I'm sure *someone* would find a nasty way to exploit it... ;) – FrustratedWithFormsDesigner Aug 31 '10 at 17:42
-
@Matthew: site could check referral URL (e.g. bankofamerica.com) and halt operation on back press, replacing the current page with a bankofamerica phishing site. I'd bet good money somebody would be fooled by this. – treeface Aug 31 '10 at 17:58
-
@treeface If you are on bankofamerica.com it's going to be using a secure connection. "If a website is accessed from a HTTP Secure connection and a link points to a non-secure connection, then the referrer header is not sent" - http://en.wikipedia.org/wiki/HTTP_referrer. Not to mention I'm sure bankofamerica.com takes great care in the websites they link to. – Matthew Aug 31 '10 at 18:13
-
Sure, of course, but you get the idea. Things can be faked. A better example might be something like reddit or stackoverflow linking to some website. On back the malicious site fakes a login page. – treeface Aug 31 '10 at 18:15
-
@treeface, alright, but actually disabling the back button wouldn't be a security issue (as I've understood so far). Also, the things you've mentioned would mean the website would be able to "know" that the back button was pressed which (I believe) isn't possible. – Matthew Aug 31 '10 at 18:29
-
Indeed you are correct. I suppose I was presenting a (presumably) fictional alternate universe where a browser had granted not only access to disable the back button but also an event to detect it. I took the question more as: "is there an event in javascript that detects the back button being pressed for which you can return false, killing the normal execution of the event?", and in this context, perhaps you can see what I was getting at. Specifically disabling the back button presents no real security issue (as far as I can tell), but it does present a very real UI consistency issue. – treeface Aug 31 '10 at 18:36
-
I did not mean someone was going to be able to use it to exploit the system, i meant it would allow users to confuse and make the browser in a way not expected or wanted by the user. Lets say i click to www.blah.com and now want to go back. To disable it is surely not what I want. Talk to some people who have no clue about a computer. The second they see their Back button not work they will assume they have a virus or are being hacked. To them it's a security issue. – Anthony Greco Aug 31 '10 at 23:16
-
And for the link issues there's plenty of examples of how to do this. Example would be a lot of sites, including AOL.com used to have URL's like site.dhtml?msg=BLAH where u could inject HTML into msg. Now a meta redirect injected to a fake phish site is a perfect situation explaining a security issue. Especially since my mother, who has used a computer since I have (15 years) has no clue what HTTP or HTTPS is. – Anthony Greco Aug 31 '10 at 23:18
0
I don't think that you can disable the back button, althought there are some "techniques" like those described in this site: http://www.htmlgoodies.com/tutorials/buttons/article.php/3478911/Disabling-the-Back-Button.htm
tehsis
- 1,602
- 2
- 11
- 15
0
It is not possible to the disable the BACK button of the browser, but if you don't want the user to go back to a previous page then you can add this javascript function to your page:
<script language="javascript">
function DisableBackButton()
{
history.forward();
}
</script>
And call this function in body only..
Like
<form id="form1" runat="server">
<script language="javascript">DisableBackButton();</script>
---your page design----------
</form>
dvanaria
- 6,593
- 22
- 62
- 82