The best way to handle this is to make the page able to handle it
(usability is hard but your users will love you for it, or at least it
will be one less thing to complain about, LOL). This usually means that
you need to persist the data. Since you're dealing with credit cards,
cookies are a no-no which means that you probably need to create a table
to store the information. If you go this route, you should also make
sure to encrypt the data when you store it (use 128-bit or higher AES).
The credit card companies are really cracking down on this and will levy
big fines against companies that they find aren't doing this. Even
worse, they'll cut you off from being able to accept their card.

Another thing you can do (you should actually do this anyway since you
don't want transactional data cached) is make sure that you're doing a
POST and write out the expire HTTP headers (these go after the
Content-Type header):

Cache-Control: no-cache
Pragma: no-cache
Expires: 0

When a person hits the back button, they'll get an error about expired
data.

Of course, you could always be evil and make a window open up without
all of the navigation buttons but that still doesn't prevent someone
from using keyboard shortcuts.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Joe Giusto II
Sent: Wednesday, January 25, 2006 4:32 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] Prevent Brower From Going Back To Credit Card Page

I am trying to prevent users from using the Back button in the web
browser
to get back to the page where the credit card number was entered.  Or
alternatively, be able to erase that page from the history log or back
button log.

The closest I have come is with this JavaScript, which will throw the
page
forward again when the user hits the back button.

</script><script
language="JavaScript">javascript:window.history.forward(-1);</script>

But does not prevent them from using the drop down arrow on the back
button
to go back several pages to get to it.

I realize the script will work if I put it on each page, but I need to
allow
them to go back and make changes until the final order page is accepted
or
rejected.  That is when I write out a confirmation page with the script
in
it.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.