We created an E-Newsletter for a client that includes lots of story links as well as banner adds. The majority of users are reading the newsletter in MS Outlook. The client thinks users will get confused when they click on a link from the newsletter and it opens in their browser and then the user can't hit the browser's back button in order to get back to the newsletter.
What are my options?
Is it possible to control where the Browsers back button takes the user? I would guess not for security reasons.
If I have the newsletter links go through our main site and then redirect to the desired page (story or ad), can I do it in such a way that the back button will work and won't result in the user being redirected back to the redirect page?
Is there a better approach?
Overall, the back and forward buttons step the user through the history and for security reasons, there is very little you can do about that. But ...
You do have a certain amount of control over the history. In particular, page 1 can say "go to page 2", and once the user is on page 2, the back button will return the user to page 1 OR page 1 can say "replace me in history with page 2"; then once the user is on page 2, the back button will return the user whatever was before page 1, if anything. This is a good way to Orwell redirect pages right out of memory.
See here for details.
Related
I want to go previous page when the user clicks on the browser back button. When I navigate another page, I can not go to the last page by using the browser back button. So, can anyone help me find a solution to this problem?
Ensure that every state that you want to show up in next/back is differentiated by a route change navigated to by NavigationManager.
If you make a page /somePage and you let the user step through several choices, and then the user navigates (using the URL bar) then hits the back button on the browser, they will go back to /somePage and not back to the choices they made.
If you make a page /somePage and each time the user makes a choice they are navigated to a new page using NavigationManager, for example /somePage/someSelection, then when they hit back they will go back to /somePage/someSelection. This requires you to load data on subpage choices on init based on optional page route parameters, but the tradeoff is having browser navigations that are part of next/back.
I want to restrict direct access to certain page in my application. Those pages can only be accessible if the user is redirected to those pages by the application.
All the redirections are done via ExternalContext#redirect(url) method.
User can use back and forward button, also can refresh the page by pressing F5 or via browser's refresh button. What I want is user cannot save, or bookmark URLs of some page, also cannot copy those redistricted URL and paste and go via address bar of the browser.
Followings are the cases:
Say, I have Page-A and Page-B.
Redirection is done to Page-B from Page-A.
User can go back to Page-A and can come again to Page-B by using browser's back and forward button.
User can refresh Page-B and he/she will stay in Page-B.
User CANNOT copy the URL of Page-B and access it later time (in new tab or by bookmarking).
Is it feasible? Any pointer would be very helpful to me.
I don't think you can do all that from JSF.
Your obvious alternative is to use Javascript.
I never herd a concept of disabling Bookmark option in Browser using Javascript. However you can always disable the address field if you open the page in new Window.
You can solve it with
JSF Navigation Handler - set a session attribute from some previous page and expire the value after some time with a timer. From the Handler impl check the value of the attribute and restrict access e.g. redirect to some other page in case the value is not present.
You can achieve similar behaviour with web frameworks. Enforcing controlled navigation is a basic feature in most WEB FXs e.g. JBoss Seam conversations or Spring Web Flow controlled navigation implementations.
Assuming the following scenario:
User is on product list page
Clicks a product and is redirected to the product detail page
Clicks on purchase button
POST /products/1/purchase/ is executed and redirects back to product detail page
User clicks back button
POST /products/1/purchase/ is executed again (FAIL! it should have been redirected to product list page)
How would you solve the back button problem?
Is there any response code that forces the browser to skip the location from history stack?
Assuming I can implement my own back button, how would you implement it?
Manually tracking the history, client-side
Manually tracking the history, server-side
Setting checkpoints and redirecting back to the checkpoint in case of existence
See:
Back button re-submit form data ($_POST)
I have a online shop. On the home page there are products, with a like button. When a person clicks on the button, it goes to their profile and it says that they liked it. However, I also want when the user clicks like, that it is posted to my BUSINESS FACEBOOK PAGE as well.
1. Is this possible?
2. Is this possible using the standard facebook like button?
I am implementing this on a site with Drupal which is using the FBConnect module.
Yes
No
We can't do anything with that standard facebook like button. That's the way it is. However, we can achieve what you want by other means.
Since you're the owner of the business page, you can get the access_token for it, preferably with publish_stream permission. Then you can use edge.create event on the pages with the like button and detect that to publish on your business wall.
Check the links. For the access_token / authentication link, look for "Page Login".
I'm trying to find a clean way so that the login and logout pages for my liferay portal aren't shown in my menu. For the login page I guess I could move the user to the private pages section but I have no clue how I can make the logout landing page not visible. And preferably the logout page would only be navigable to when you're effectively logged out so users can't accidentally go to it when they've got the url cached in their browser.
Any input would be appreciated.
Regarding hiding the landing pages: Just create them and check "hidden" in "Manage Page" for that page. This will make the page accessible according to the permissions, but hide it in the navigation - e.g. if you know the page's name, you can go there - just as you requested.
If you display the currently logged in user on the logout landing page (e.g. through the "Sign In" portlet, you don't need to display a message like "you've been logged out", but display the current state of the user's session.
Of course you're free to not use the Sign-In opportunity on that page, in this case you'll have to display the current session state in a different portlet. It could be as simple as a templated WebContent portlet, accessing the currently logged in user.
Edit: If you set default.logout.page.path=/web/guest/logout and auth.forward.by.last.path=true but you're still not redirected on logout, chances are that changes made through the UI override your portal-ext.properties. If you've edited "Settings" in ControlPanel, this is most likely the case. You can set these values there, on the first page in settings.
As noted in your comment: You cannot make the first page hidden. This shouldn't be a problem: Just make any other page hidden. Even if you don't have more public content than this, you can have at least a public page stating that you need to login. Make this the first, so the logout page can be either a child page of this or a new toplevel page - but most importantly: It can be hidden.