6

I am currently developing a website for a women's refuge. As this is very sensitive information for those using the site I'd like to stop the browser from storing any history of their visit. Is this possible using something like the HTML5 History API? Ideally it would work in IE6+ too as there are a lot of people using old versions of IE.

I know browsers have Private Browsing modes, but most people don't know about them, so some automatic way would be best.

One potential (although less preferred) solution would be to prompt people to use Private Browsing mode if they aren't currently do so. Is it possible to detect this via JavaScript?

EDIT: I've accepted Virgil's answer as eduction is the best option as they may need to apply what they learnt to other sites too. I've also used Joseph's location.replace on the hide my visit button so it disables the back button.

One interesting thing to note is I tried using history.replace on all links on the site thinking this would replace all browser history meaning only the last page viewed was remembered. However opening the history panel in Firefox - not tested in other browsers - still showed a log of every page viewed, they were just inaccessible via the back button.

So, for anyone with a similar query, I'd like to reiterate that educating the user is the first step in protecting them. Thanks everyone for you advice.

Regards

Ric

Ric
  • 3,195
  • 1
  • 33
  • 51
  • 1
    Useful: http://stackoverflow.com/questions/2860879/detecting-if-a-browser-is-using-private-browsing-mode – Konerak Oct 25 '11 at 16:02
  • Good thinking, and good luck on your great cause! – Niklas Wulff Oct 25 '11 at 16:07
  • one solution is to have certain helpful innocuous partners load your page up AJAX style, or by proxy, etc, that makes it impossible for a second user to revisit. Maybe make a one time link that directs to your site via proxy, then have that one time link be destroyed or pointed elsewhere. – Lee Louviere Oct 25 '11 at 16:08
  • Thanks, I had a look at the link. Interesting stuff there. @Niklas, thank you! – Ric Oct 26 '11 at 07:45

4 Answers4

3

One way to do it is to make all navigation go exclusively through javascript using locarion.replace(url). This does not save a history state but also means the user could not really use bookmarks either. For a link, it would be similar to this

<a href="javascript:location.replace(location.host + '/wherever.html')" href="wherever.html">wherever</a>

Or 

<a href="#" onclick="location.replace(location.host + 'wherever.html'); return false;">wherever</a>

or similar.

Joseph Marikle
  • 76,418
  • 17
  • 112
  • 129
  • The inquisitive spouse will then indeed not see abuserefuge.org, but somesite.org - but when he visits the site to check it out, he still will see what it is about. – Konerak Oct 25 '11 at 16:06
3

Unfortunately this is not possible. User action would have to be taken to delete their history. I suggest you put up a warning so women can delete their history and you can include instructions for every major browser. In regards to HTML5 and JavaScript this would not be possible in IE6 as it doesn't support HTML5.

Virgil Shelton
  • 782
  • 5
  • 17
  • =1 to this answer from me. You could put in various hacks etc. that will obscure the history perhaps but you'd be much better off educating your users. This way they will have the choice if they want to wipe the history or not. Some people might want to use their history after all. – Lee Theobald Oct 25 '11 at 16:07
  • You can make it easier for them though: a non-suspect domain name, only one page visit and the rest charging using AJAX (only one history line to delete instead of 50), no cookies, no e-mail registration, panic button, video tutorials... – Konerak Oct 25 '11 at 16:09
  • @LeeTheobald, Virgil, we're a couple of big buttons on the site for telling people ho to use private browsing modes and a panic button. They've a slightly tacky animation to grab the users attention but I think their benefit outweighs stylistic concerns! Thanks for the advice. – Ric Oct 26 '11 at 07:42
0

Well, though I don't think you can "force" users to use private browsing, you can give them every opportunity to avoid the history.

For example, have the site attempt to store a cookie (both from the server and using a language like javascript). If the server can then re-detect the cookie on the next visit, redirect them to a "Use private browsing [and here's how] or proceed at your own risk" kind of landing page.

That about the only way around it.

I, of course, would also implement SSL, but I think this is more implied.

Brad Christie
  • 100,477
  • 16
  • 156
  • 200
-6

Wouldn't the solution be to use HTTPS? I am pretty sure browsers don't store the history for those sites.

Peter
  • 2,874
  • 2
  • 31
  • 42