Removing the History?

[George Hester]

A user comes to the site and is presened with a Logon page. They enter the correct info in the
form and they are in. I am doing it like this:

<head>
<script type="text/javascript">
function form_onsubmit(){
window.location.replace('/yourin.asp');
return true;
}
</script>
</head>
<!-- -->
<form method="post" name="frmLogon" id="frmLogon">
<input type="submit" ...>
<input type="reset" ... >
</form>
<!-- -->
<script type="text/javascript">
document.forms('frmLogon').onsubmit = form_onsubmit;
</script>
<!-- -->

The idea was to remove the history. In other words to not allow Back to be used to return to
the logon page. This doesn't work the back in history is still available. Any suggestions how it can be done? Thanks.

 

[Lee]

George Hester said:

A user comes to the site and is presened with a Logon page. They enter =
the correct info in the
form and they are in. I am doing it like this:

<head>
<script type=3D"text/javascript">
function form_onsubmit(){
window.location.replace('/yourin.asp');
return true;
}

By returning true from the onSubmit handler, you're telling the
browser to replace the current page, and also to submit the form,
which also loads a new page (itself). Since you don't seem to
want to submit anything to the server, don't use a submit control.
Use a button with an onClick handler.

 

[Randy Webb]

A user comes to the site and is presened with a Logon page. They enter the correct info in the
form and they are in. I am doing it like this:

<head>
<script type="text/javascript">
function form_onsubmit(){
window.location.replace('/yourin.asp');
return true;

return false;

}
</script>
</head>
<!-- -->
<form method="post" name="frmLogon" id="frmLogon">

<input type="submit" ...>
<input type="reset" ... >
</form>
<!-- -->
<script type="text/javascript">
document.forms('frmLogon').onsubmit = form_onsubmit;
</script>

Get rid of that garbage script above.

<!-- -->

The idea was to remove the history.

Leave my history alone. But anyone that wants in your site can get in
directly. You are aware of that, right?

In other words to not allow Back to be used to return to
the logon page. This doesn't work the back in history is
still available. Any suggestions how it can be done? Thanks.

Yes, and a more reliable way. Have the form submit to itself, and
redirect accordingly. All it takes now is to view source and go directly
to yourin.asp

 

[George Hester]

return false;




Get rid of that garbage script above.


Leave my history alone. But anyone that wants in your site can get in
directly. You are aware of that, right?


Yes, and a more reliable way. Have the form submit to itself, and
redirect accordingly. All it takes now is to view source and go directly
to yourin.asp

Randy you cannot get into the site other then how I let you in. Guarenteed. You make think you are in but you are not.

As proof what is Osma's dream? You find that on the home page. If you can answer that then you are pretty good.

If you can answer it then you have asked for the user/pass which has no restrictions but without it I doubt it.

In any case thanks for the suggestions. I did do it using Server Side stuff.