[keycloak-dev] browser backbutton

Libor Krzyzanek lkrzyzan at redhat.com
Fri Jan 22 10:19:08 EST 2016 

I understand that frameworks are usually not “back/refresh button” friendly.
I was facing this problem in planet.jboss.org with JSF as well and had to fix it with some workaround.

So if you can keep this in mind in 2.0 or later please do it. You simply cannot force people to not use browser back button.

Thanks,

L.

Libor Krzyžanek
jboss.org Development Team

> On Jan 22, 2016, at 3:47 PM, Bill Burke <bburke at redhat.com> wrote:
> 
> We just can't support back button at this time and not until sometime in 2.0.  I'm hoping we can at least "disable" it by turning off the cache.  The way it will work is back button causes an HTTP request with old URL and parameters, Keycloak will just see its old and redirect to the current step in the flow.
> 
> On 1/22/2016 9:40 AM, Libor Krzyzanek wrote:
>> Just read the discussion so let me clarify few things.
>> 
>> Redirects
>> I’m fine with one redirect after POST. But it needs to be one redirect not 3. I was complaining about 3 additional redirects after hitting “LOGIN” button.
>> In apps that I’m author (e.g. planet.jboss.org <http://planet.jboss.org/>) I exactly use that pattern - after HTTP POST server returns 302 redirect to another page which helps with a) refresh button problem, b) browser back button problem.
>> 
>> Back button:
>> From UX perspective the back button must work. Everybody use it. On Mac/iPad users are used to use gesture. I use it everywhere.
>> Personally when I come to some site which is trying to force me to use back button on page instead of back button in browser I always feels like using website written 5 years ago.
>> 
>> Other comments inline.
>> 
>> Thanks,
>> 
>> Libor Krzyžanek
>> jboss.org <http://jboss.org/> Development Team
>> 
>>> On Jan 21, 2016, at 3:22 PM, Bill Burke < <mailto:bburke at redhat.com>bburke at redhat.com <mailto:bburke at redhat.com>> wrote:
>>> 
>>> Yeah, I did that in 1.6....But jboss.org <http://jboss.org/> team didn't like it for performance reasons.
>>> 
>>> On 1/20/2016 8:50 PM, Scott Rossillo wrote:
>>>> There's s pattern to handle the back button during flows. It's that a post should never render a view but redirect (HTTP get) to the failure or success view. 
>>>> 
>>>> http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get <http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get>
>>>> On Wed, Jan 20, 2016 at 7:22 PM Bill Burke <bburke at redhat.com <mailto:bburke at redhat.com>> wrote:
>>>> 
>>>> 
>>>> On 1/20/2016 3:49 PM, Stian Thorgersen wrote:
>>>>> One additional thought. Maybe we could add a field to autheticators to say if they support back, cancel or nothing. Then the flow would allow going back if previous supports back. It would allow cancel if all supports it, or nothing is one says nothing
>>>>> 
>>>>> On 20 Jan 2016 19:48, "Stian Thorgersen" < <mailto:sthorger at redhat.com>sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>>>>> Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we can fix it for 1.9.
>>>>> 
>>>>> Secondly, the back button should not navigate backwards in the flow. Also, the refresh button should just redisplay the page as it does now (ignoring the post). A couple ideas to improve things though:
>>>>> 
>>>>> 1) Set cache-control to "Cache-Control: no-store, must-revalidate, max-age=0". This should force a reload of the page when the user clicks the back button
>>>> 
>>>> Really?  That's cool then, this will basically "disable" the back button :)  I'll try it out.
>> 
>> It doesn’t disable the back button. The browser just don’t use internal browser cache when the URL is visited either by refresh button or back button.
>> 
>>>> 
>>>> 
>>>>> 2) Can we add a back link to some steps in the flow?
>>>>> 3) Can we add a cancel link to some steps in the flow?
>>>> 
>>>> You can reset the flow to the beginning, but can't go back one step.
>> 
>> From UX perspective back button on webpage needs to behave exactly same as back button in browser.
>> 
>> Cancel is very confusing for me. For example on “Forgot password” is cancel button - what is purpose of it? what happen when I click on it? Where I would be redirected? I personally removed those cancel buttons from our theme because it’s not clear why they’re there.
>> 
>>>> 
>>>> 
>>>> -- 
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com <http://bill.burkecentral.com/>_______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>>> -- 
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com <http://bill.burkecentral.com/>_______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com <http://bill.burkecentral.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160122/0de6e7a1/attachment.html

More information about the keycloak-dev mailing list