[keycloak-dev] browser backbutton
Bill Burke
bburke at redhat.com
Fri Jan 22 17:17:28 EST 2016
Talked to them. They just didn't like that it was possible for 3
redirects in a row.
On 1/22/2016 4:26 PM, Scott Rossillo wrote:
> > Yeah, I did that in 1.6....But jboss.org team
> > didn't like it for performance reasons.
>
> The jboss.org team seems misguided here to think
> this approach creates a performance issue. Many high traffic and large
> scale sites use this approach to solve back button issues.
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com <mailto:srossillo at smartling.com>
>
>
>> On Jan 22, 2016, at 10:19 AM, Libor Krzyzanek <lkrzyzan at redhat.com
>> <mailto:lkrzyzan at redhat.com>> wrote:
>>
>> I understand that frameworks are usually not “back/refresh button”
>> friendly.
>> I was facing this problem in planet.jboss.org with JSF as well and
>> had to fix it with some workaround.
>>
>> So if you can keep this in mind in 2.0 or later please do it. You
>> simply cannot force people to not use browser back button.
>>
>> Thanks,
>>
>> L.
>>
>> Libor Krzyžanek
>> jboss.org Development Team
>>
>>> On Jan 22, 2016, at 3:47 PM, Bill Burke <bburke at redhat.com
>>> <mailto:bburke at redhat.com>> wrote:
>>>
>>> We just can't support back button at this time and not until
>>> sometime in 2.0. I'm hoping we can at least "disable" it by turning
>>> off the cache. The way it will work is back button causes an HTTP
>>> request with old URL and parameters, Keycloak will just see it's old
>>> and redirect to the current step in the flow.
>>>
>>> On 1/22/2016 9:40 AM, Libor Krzyzanek wrote:
>>>> Just read the discussion so let me clarify a few things.
>>>>
>>>> Redirects
>>>> I’m fine with one redirect after POST. But it needs to be
>>>> *one* redirect not 3. I was complaining about 3 additional
>>>> redirects after hitting “LOGIN” button.
>>>> In apps that I’m the author of (e.g. planet.jboss.org) I use exactly
>>>> that pattern - after an HTTP POST the server returns a 302 redirect
>>>> to another page, which helps with
>>>> a) refresh button problem, b) browser back button problem.
>>>>
>>>> Back button:
>>>> From a UX perspective the back button must work. Everybody uses it. On
>>>> Mac/iPad users are used to using gestures. I use it everywhere.
>>>> Personally when I come to some site which is trying to force me to
>>>> use a back button on the page instead of the back button in the
>>>> browser I always feel like I’m using a website written 5 years ago.
>>>>
>>>> Other comments inline.
>>>>
>>>> Thanks,
>>>>
>>>> Libor Krzyžanek
>>>> jboss.org Development Team
>>>>
>>>>> On Jan 21, 2016, at 3:22 PM, Bill Burke <bburke at redhat.com> wrote:
>>>>>
>>>>> Yeah, I did that in 1.6....But jboss.org team
>>>>> didn't like it for performance reasons.
>>>>>
>>>>> On 1/20/2016 8:50 PM, Scott Rossillo wrote:
>>>>>> There's a pattern to handle the back button during flows. It's
>>>>>> that a post should never render a view but redirect (HTTP get) to
>>>>>> the failure or success view.
>>>>>>
>>>>>> http://www.codeproject.com/Tips/433399/PRG-Pattern-Post-Redirect-Get
>>>>>> On Wed, Jan 20, 2016 at 7:22 PM Bill Burke <bburke at redhat.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 1/20/2016 3:49 PM, Stian Thorgersen wrote:
>>>>>>>
>>>>>>> One additional thought. Maybe we could add a field to
>>>>>>> authenticators to say if they support back, cancel or
>>>>>>> nothing. Then the flow would allow going back if previous
>>>>>>> supports back. It would allow cancel if all support it, or
>>>>>>> nothing if one says nothing
>>>>>>>
>>>>>>> On 20 Jan 2016 19:48, "Stian Thorgersen"
>>>>>>> <sthorger at redhat.com> wrote:
>>>>>>>
>>>>>>> Firstly, let's drop KEYCLOAK-2325 from 1.8 and see if we
>>>>>>> can fix it for 1.9.
>>>>>>>
>>>>>>> Secondly, the back button should not navigate backwards
>>>>>>> in the flow. Also, the refresh button should just
>>>>>>> redisplay the page as it does now (ignoring the post). A
>>>>>>> couple ideas to improve things though:
>>>>>>>
>>>>>>> 1) Set cache-control to "Cache-Control: no-store,
>>>>>>> must-revalidate, max-age=0". This should force a reload
>>>>>>> of the page when the user clicks the back button
>>>>>>>
>>>>>>
>>>>>> Really? That's cool then, this will basically "disable" the
>>>>>> back button :) I'll try it out.
>>>>>>
>>>>
>>>> It doesn’t disable the back button. The browser just doesn’t use
>>>> the internal browser cache when the URL is visited either by refresh
>>>> button or back button.
>>>>
>>>>>>
>>>>>>
>>>>>>> 2) Can we add a back link to some steps in the flow?
>>>>>>> 3) Can we add a cancel link to some steps in the flow?
>>>>>>>
>>>>>>
>>>>>> You can reset the flow to the beginning, but can't go back
>>>>>> one step.
>>>>>>
>>>>
>>>> From a UX perspective the back button on a webpage needs to behave
>>>> exactly the same as the back button in the browser.
>>>>
>>>> Cancel is very confusing for me. For example on “Forgot password”
>>>> there is a cancel button - what is the purpose of it? What happens
>>>> when I click on it? Where would I be redirected? I personally removed
>>>> those cancel buttons from our theme because it’s not clear why
>>>> they’re there.
>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev at lists.jboss.org
>>>>>> <mailto:keycloak-dev at lists.jboss.org>
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>
>>>>>
>>>>> --
>>>>> Bill Burke
>>>>> JBoss, a division of Red Hat
>>>>> http://bill.burkecentral.com
>>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
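
Added example, not part of the original thread and not Keycloak's code: a framework-free model of the behaviour discussed above, combining Post/Redirect/Get, the `Cache-Control` value quoted in the thread, and redirecting a stale back-button request to the current step. The step names, the per-step `code` parameter, `FlowSession` and `handle` are assumptions made for illustration.

```python
import secrets

NO_STORE = "no-store, must-revalidate, max-age=0"  # value quoted in the thread
STEPS = ["username-password", "otp", "done"]       # hypothetical flow steps


class FlowSession:
    """Server-side state for one login attempt (hypothetical model)."""

    def __init__(self):
        self.index = 0
        self.code = secrets.token_urlsafe(8)  # valid for the current step only

    def url(self):
        return f"/login/{STEPS[self.index]}?code={self.code}"

    def advance(self):
        self.index = min(self.index + 1, len(STEPS) - 1)
        self.code = secrets.token_urlsafe(8)  # every earlier URL is now stale


def handle(session, method, step, code, form_ok=False):
    """Return (status, headers, body) for one request in the flow."""
    current = STEPS[session.index]
    fresh = step == current and secrets.compare_digest(code or "", session.code)
    if not fresh:
        # Back button or replayed URL: never re-run the old step, just send
        # the browser to where the flow actually is.
        return 302, {"Location": session.url()}, ""
    if method == "POST":
        if form_ok:
            session.advance()
        # Post/Redirect/Get: a POST never renders a view, on success or failure.
        return 302, {"Location": session.url()}, ""
    # GET of the current step: render it and forbid storing it, so Back
    # produces a new request instead of showing a stored page.
    return 200, {"Cache-Control": NO_STORE}, f"<form for {current}>"
```

Because the stale check runs before the method check, a re-submitted POST carrying an old `code` cannot advance or repeat a step; it only yields a redirect to the current one.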