PC SOFT

WINDEVWEBDEV AND WINDEV MOBILE
ONLINE HELP

Home | Sign in | English UK
  • Why manage the "Back" button? A simple example...
  • Step 1: Displaying the list of suppliers
  • Step 2: Clicking the "Customers" link.
  • Step 3: Clicking the browser "Back" button.
  • How to manage the "Back" button?
  • Detailed example of how to manage the "Back" button
WINDEV
WindowsLinuxUniversal Windows 10 AppJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadApple WatchUniversal Windows 10 AppWindows Mobile
Others
Stored procedures
13. Security benefit: managing the "Back" button
Previous pageTable of contentsNext page
A browser allows you to navigate through the different pages of a site using the "Next" and "Back" buttons.
A specific page context is created on the server whenever a new Session page is displayed in the browser.
When the same Session page is used to display different data (page with browsing table, loopers or "Form with browse" page, etc.), the page context on the server changes according to the data displayed.
When the Web user clicks on the "Back" button, the browser does not inform the site or the server. The browser goes back to the previous page without the corresponding context.
No specific management is required when using a "Back" operation to go from one page to another.
A specific management is required when the same Session page displays different data.
Why manage the "Back" button? A simple example...
To understand why the "Back" button must be managed, let's take a look at a simple example: a Session page that displays the list of suppliers.

Step 1: Displaying the list of suppliers

The context contains the list of suppliers displayed in the Table control.

Step 2: Clicking the "Customers" link.

The customers are displayed. The page context is updated on the server: the context contains the list of elements displayed in this Table control (list of customers).

Step 3: Clicking the browser "Back" button.

The Session page displayed on the browser corresponds to the page displayed in step 1. However, the browser did not inform the server that the "Back" button was used by the Web user. The page context on the server is still the one corresponding to the customers.
If the Web user selects an element (a supplier) in the Table control, the selected element will be the corresponding element in the context: a customer. A desynchronization occurs between the dynamic page viewed and the page context found on the server. The WEBDEV engine detects this desynchronization.
This is why the Back button must be managed.
How to manage the "Back" button?
To manage the "Back" button, you can use:
  • the page synchronization code in Session mode . This code is called in case of desynchronization.
  • a hidden Edit control (invisible Edit control) to identify the record displayed in the browser.
  • the option "Call the page synchronization process if the user has used the browser "Back" button" on your buttons and/or links ("Advanced" tab of the button description).
You can choose and combine either of these options according to the type of action that can be performed in the page in Session mode.
Detailed example of how to manage the "Back" button
A dynamic page is used to browse the different products of a site. The buttons found in the page are as follows:
  • Back to main menu
    This action requires no specific management of the "Back" button. This button does not handle data files: a desynchronization between the context and the page displayed has no effect.
  • Delete the current product
    The "Delete the current product" action handles a data file. It is important that the deleted record corresponds to the record viewed by the Web user.
    To manage the "Back" button, we recommend that you use:
    • a hidden (invisible) control in the dynamic page: this control will contain the identifier of the record actually displayed in the browser.
    • the synchronization code: this code is used to update the context (search for the record viewed by the Web user).
The actions performed in the synchronization code will be:
  1. Re-read the record corresponding to the identifier stored in the hidden control.
  2. If the record is not found: an error page is displayed and the code of "Delete" button is not run.
  3. If the record is found, the page context is automatically modified on the server: the code of "Delete" button is run.
Total security!
Previous pageTable of contentsNext page
Minimum version required
  • Version 24
Comments
Click [Add] to post a comment