Search code examples
javaservletsrequestservlet-filtersservlet-listeners

is there a way to find out if the http request is coming from a expired web page

is there a way to find out if the http request is coming from a expired web page(IE Page which says webpage has expired). I am expiring a webpage on click of a back button. Now on the expired page, I do a refresh/or F5 and I want to take the user on a particular page with the error message. This particular page is my home page and request mapping is /homecontroller. I am trying to use a filter to achieve this but I dont have a way to know if the request is coming from the expired page or the login page. Can someone please help.

Example - Suppose there are 3 pages A(/controllerA) -> B(/controllerB) -> C(/controllerC).

  1. Now when I go to page B from page A, I cleared the cache by setting setCacheSeconds(0), setUseExpiresHeader(true), setUseCacheControlHeader(true), setUseCacheControlNoStore(true).
  2. Now I am going to page C from page B.
  3. Now I click browser back button when I am on page C so that I can go back to page B
  4. Now instead of getting page B, I get "Webpage has expired" message page of IE
  5. ON the above expired page, I do refresh or F5. Call goes to url (/controllerB)
  6. Now in the controller of (/controllerB), I want to check if this call is coming from expired page then forward this call to /controllerA so that home page A can be displayed. If this call is not coming from expired page, I want to show the page B from the /ControllerB
Solution

  • In general you would need some kind of token (parameter) passed from page B to page C to validate that request is not expired.
    This would be proposed flow:
    - on transition from A to B, you set in session attribute like 'expectedToken' = n
    - page B on transition to C, sends also this token (eg via request parameter in GET, or hidden in POST)
    - controller C, you check if expectedToken from request is same as in session and increment expectedToken in session. If token from request is the same as in session your transition is valid, if tokens didn't match then it was resend from expired page (since browser will use old token value, and you will have already incremented one in the session).