How to disable back button in web application

[Marc Kaufmann]

Hi all,

disclaimer: I am guessing that my current design simply doesn't allow me (easily) what I want, but there may be a solution I am unaware of.

In my Racket-powered website I want to disable the back button or keep people from using the back button to resubmit (with different data) a previous form or hit a link that is an embedded continuation to a function that should not be called twice.

One way I can do this is to set some variable in the database when the form is submitted or one of several links clicked on a page and check whether it already is set and disallow new submits (or some such). However, I want to do this in many places and don't want to sprinkle all my code and database with names that I can't track. I tried to achieve this by defining a new variable in the request itself that I set to #false initially and then set! to true when any link is hit -- but this fails if a person comes back, refreshes the page and clicks the link, since this creates a new instance of the variable.

Qualtrics surveys have this feature, but the way they implement it is (I think) by being single-page apps where the 'Next' button loads the new page content via an Ajax call. I don't see how to turn my current website into that without substantial rewrites.

Cheers,
Marc

[Jens Axel Søgaard]

Is `send/forward` what you need?

--
You received this message because you are subscribed to the Google Groups "Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/7e356eb4-e886-4f9c-90cd-0db658d14a91%40googlegroups.com.

--

--
Jens Axel Søgaard

[Stephen De Gabrielle]

Maybe also relevant 

https://docs.racket-lang.org/continue/index.html#%28part._.The_.Double_.Submit_.Error%29

The whole Continue tutorial is worth the time spent.

s.

To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/CABefVgzmMJMrqjAF4JXJU7txX9hU5HWBrfREP915j8ggi%3Dmt5w%40mail.gmail.com.

[Marc Kaufmann]

Thanks Jens, yes the send/forward seems to at least address a few of the cases that I have - not sure if it disallows the forms unless I use continuations in the forms (right now I am not, mostly just sending the request to the current URL. I'll have to see.

Yes, I worked through and read the Continue tutorial a few times and use redirect/get to work around the double submit error. But -- I think -- the redirect/get only avoids something like refreshing the page from leading to a new submit, although I may be wrong. I thought I used it in some places where I was able to go back and resubmit. I should double check, since I am not using redirect/get everywhere, so that may be the issue.

Cheers,

Marc

[Jens Axel Søgaard]

Den fre. 20. sep. 2019 kl. 13.51 skrev Marc Kaufmann <marc.ka...@gmail.com>:

Thanks Jens, yes the send/forward seems to at least address a few of the cases that I have - not sure if it disallows the forms unless I use continuations in the forms (right now I am not, mostly just sending the request to the current URL. I'll have to see.

Yes, I worked through and read the Continue tutorial a few times and use redirect/get to work around the double submit error. But -- I think -- the redirect/get only avoids something like refreshing the page from leading to a new submit, although I may be wrong. I thought I used it in some places where I was able to go back and resubmit. I should double check, since I am not using redirect/get everywhere, so that may be the issue.

Yes, the redirect trick only prevents the same data (as the result of a "submit" action) being sent twice. 
If the user goes back to the form, fills in the form again and the click submit again, a new set 
of data is sent.

If you need to prevent the same form being filled in twice, you could associate a key as
a hidden form value (say the md5 of a counter) and keep track in a database of which keys
have already been used.

To prevent the key table from getting too large, you can flip it around: keep the non-used keys in the

database, then on submission remove the key. If you also store the age of the key, you can

from time to time delete old keys.

/Jens Axel

 

[Marc Kaufmann]

Could I use the send/forward to essentially disable forms if I use as the `action` attribute on the form an (embed-url ...), which will no longer work later on? This will probably through an error if people do the 'Go back, resubmit' cycle, but I don't mind throwing an error on that, rather than gracefully failing. I'm not going to win any design contests that way, but solve a problem without dealing with any database interactions.

[Marc Kaufmann]

I haven't had the time to test it, but I am wondering if  calling (clear-continuations-table!) which send/forward does will delete all continuations, even those of other users. So suddenly links that other users want to use will also get wiped out. I probably won't have time to test today, but will check later. (I actually don't know how clear-continuations-table! could delete only continuations of the current user, since it can't know about users - so my guess is that this will not work.)

[Jens Axel Søgaard]

Den lør. 21. sep. 2019 kl. 10.05 skrev Marc Kaufmann <marc.ka...@gmail.com>:

Could I use the send/forward to essentially disable forms if I use as the `action` attribute on the form an (embed-url ...), which will no longer work later on? This will probably through an error if people do the 'Go back, resubmit' cycle, but I don't mind throwing an error on that, rather than gracefully failing. I'm not going to win any design contests that way, but solve a problem without dealing with any database interactions.

To avoid using a database, you could use a hash table to store the keys.

/Jens Axel