Expire a page after submission

I'm implementing an iAuth form for a credit application in a J2EE container (JSTL+JSP+Stripes). The vendor states in the implementation guide:

Expire the “Questions” page after answers submission

When performing iAuth transactions you will need to “expire” the page on which the consumer's questions will be displayed after they have submitted their answers. This is crucial in order to prevent a consumer from using the "back" button to modify their answers after they have already submitted them once and found that their authentication attempt was unsuccessful. Once the answers to a question set have been transmitted to vendor, that question session is closed. Any additional attempts at modifying the answers to the same question set will result in an "invalid transaction-continue" response.

I am unsure what this means.

Are "they" suggesting just setting "Cache-Control" and/or "Pragma" headers on the form page?

#0

Well, you can use HTTP-related techniques to expire pages. But those methods are rather what I consider "soft" techniques.

To better secure your system, you may want to follow this kind of server-side implementation:

Page A refers to the page that goes to the Form Page and Page B is the controller which receives the information posted by Form Page.

  1. User visits Page A
  2. Page A determines that the Form Page should be viewable to User
  3. Page A creates a session variable A and sets it to true
  4. Page A shows a link, or redirects the User, to Form Page
  5. Form Page determines whether User can view the page by checking session variable A
  6. Form Page displays the form.
  7. User enters the information and submits the form
  8. Form Page posts data to Page B
  9. Page B receives the information, validates it, and deletes session variable A

Of course it can be even more complex with time checking (whether the User took too long from Page A to Form B, or took merely a second to submit Form Page to Page B).

When it comes to security in networking: Server side > Client Side
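
Added example, not part of the original answer: the session-flag flow from the steps above in plain Java. A `ConcurrentHashMap` stands in for the container's `HttpSession` attributes (assumption), and a random one-time token replaces the answer's boolean so a stale copy of the form can be told from the current one; the class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class QuestionPageGate {
    // Hypothetical session attribute name; the Map stands in for HttpSession attributes.
    static final String KEY = "questionsToken";
    private static final SecureRandom RNG = new SecureRandom();

    // Page A: the user may see the questions, so issue a one-time token.
    static String openQuestions(Map<String, String> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token; // rendered into the form as a hidden field
    }

    // Form Page: render the questions only while a token is outstanding.
    static boolean canViewForm(Map<String, String> session) {
        return session.containsKey(KEY);
    }

    // Page B: consume the token BEFORE the answers go to the vendor.
    // remove(key, value) is atomic on ConcurrentHashMap, so of two
    // concurrent posts carrying the same token only one can succeed.
    static boolean submitAnswers(Map<String, String> session, String postedToken) {
        if (postedToken == null || !session.remove(KEY, postedToken)) {
            return false; // back-button resubmission or stale form: reject
        }
        // The token is gone at this point; the vendor call belongs here
        // and is outside the scope of this example.
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> session = new ConcurrentHashMap<>(); // constructed sample session
        String token = openQuestions(session);
        System.out.println("form viewable before submit: " + canViewForm(session));
        System.out.println("first submit accepted:       " + submitAnswers(session, token));
        System.out.println("form viewable after submit:  " + canViewForm(session));
        System.out.println("back + resubmit accepted:    " + submitAnswers(session, token));
    }
}
```

Because the check and the delete happen in one atomic call, a double-click or a replayed POST cannot reach the vendor a second time, whatever the browser has cached.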
