How to Escape Forward Slash in XML

Own history

Written by: Rainer Völschow
Category: ASP Tricks

If you have visited a page in the browser and go back one or more pages with JavaScript or the back button, you can return to that page using the forward button. This allows a user to enter data twice. This article shows how this can be prevented. Because the browser's history list can only be manipulated to a limited extent (via client-side JavaScript or VBScript), another solution must be found.

Creation of a list

One solution to the problem would be to create a separate history for each user on the web server using ASP. The core of this undertaking is the server variable SCRIPT_NAME. It contains the name (including the path) of the current ASP page.

So you can use the server variable SCRIPT_NAME to determine the name of the currently processed ASP script including the virtual path (e.g. /support/inquiry.asp), compare it with the visited pages in the history list, and then add the visited page to the history list.

Save the list in a session variable

Similar to the client-side model - the history object in the browser - the list we use should also be available across scripts. However, the list should be deleted when the current web application is no longer used. This property is primarily fulfilled by ASP session variables.

The following ASP script shows how to query the current page and manage the history list stored in a session variable:

<%
' Name of the current script, including its virtual path
curSite = Request.ServerVariables("Script_Name")
' History list stored for this session
ablage = Session("history")
If InStr(ablage, curSite) > 0 Then
    Response.Write("Diese Seite wurde schon besucht." & _
        "<a href=javascript:history.go(-1)>Zurück</a>")
Else
    Session("history") = Session("history") & _
        curSite & " | "
End If
%>

In the first step, the name (including the virtual path) of the current script is determined and stored in the variable curSite. The content of the session variable history is temporarily stored in the variable ablage. Then the function InStr (= "in string") checks whether the previously determined name of the current ASP page, which is now available as a string, is already contained in the variable ablage. The return value of InStr for this check is either 0 if the page has not yet been visited, or greater than 0 if the page is already stored in the variable ablage. A result of zero means that the string curSite does not occur in the string ablage. A value greater than zero gives the position of curSite within ablage.

If this string is not found in the session variable, the content of the session variable is extended by the content of curSite. The "|" character serves as a separator and can be replaced by any other character. However, using the period or the slash is not recommended, because both already occur in the name of the ASP file. Since this part of the script looks the same on every protected page and can be used unchanged, including it with the #include directive is recommended in all ASP pages to be protected.

You can also count the entries in our history list. VBScript has no predefined string function that simply counts the occurrences of a given character (the RegExp object in VBScript 5 cannot be called easy to use). Arrays, by contrast, have a counting function that can be used to determine the number of elements. Before you can use this function, the string must first be split into an array. Since the content of the session variable is still required, it must not be changed.

<%
ablage = Split(Session("history"),"|")
anzahl = UBound(ablage,1)
%>

As shown here, the character string is split into an array with the function Split(variable, separator). Each substring between two separators is written to its own array element. After the character string has been converted into an array, the function UBound(array name, dimension) determines the size of the array. The parameter 1 only indicates that the number of elements in the first dimension of the array should be determined.

Entries in the history session variable are deleted with Replace. Please note that the separator is deleted as well. This prevents the number of list entries from being falsified. The history content can be written to the browser using Response.Write().
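The check, the counter and the Replace-based deletion described above, collected in helper functions as an added example (not code from the original article; HistoryContains, HistoryAdd, HistoryRemove, HistoryCount and SEP are hypothetical names). It compares whole entries, because InStr alone also finds /inquiry.asp inside /support/inquiry.asp and would wrongly report that page as visited.

```vbscript
<%
' Added example (not from the original article). All helper names are hypothetical.
' List format as in the article: every entry is followed by the separator " | ".
Const SEP = " | "

' True only when page is a complete entry of list. A bare InStr(list, page)
' would also report "/inquiry.asp" once "/support/inquiry.asp" was visited.
Function HistoryContains(ByVal list, ByVal page)
    HistoryContains = (InStr(1, SEP & list, SEP & page & SEP, vbTextCompare) > 0)
End Function

' Appends page and its separator unless it is already listed.
Function HistoryAdd(ByVal list, ByVal page)
    If HistoryContains(list, page) Then
        HistoryAdd = list
    Else
        HistoryAdd = list & page & SEP
    End If
End Function

' Deletes the entry together with its separator, so the count stays correct.
Function HistoryRemove(ByVal list, ByVal page)
    Dim padded
    padded = Replace(SEP & list, SEP & page & SEP, SEP, 1, -1, vbTextCompare)
    HistoryRemove = Mid(padded, Len(SEP) + 1)
End Function

' Number of entries; an empty list yields 0 (UBound of an empty Split is -1).
Function HistoryCount(ByVal list)
    If Len(list) = 0 Then
        HistoryCount = 0
    Else
        HistoryCount = UBound(Split(list, SEP))
    End If
End Function

' Usage on a protected page
Dim curSite
curSite = Request.ServerVariables("SCRIPT_NAME")
If HistoryContains(Session("history"), curSite) Then
    Response.Write "This page has already been visited."
Else
    Session("history") = HistoryAdd(Session("history"), curSite)
End If
%>
```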

When the user leaves the web application (closing the browser window or inactivity on the website for a certain period of time), the current session is ended, whereby the session variable history also loses its validity and is automatically discarded by the server.

Possibility of saving the history in the application

The disadvantage of using session variables is that the browser has to save a session cookie so that the web server can assign the call of an ASP page to a specific session. If the browser does not accept cookies, a new session begins for the user each time a new ASP page is called up. As an alternative to session variables, VBScript offers application variables that are not linked to cookies. In contrast to session variables, they are not assigned to the current session ID, so the content of an application variable is available to the ASP scripts of all users.

Because of this property, a little more programming effort is required to create a separate history list for each user. This can be achieved by defining a variable name that must be unique for each user. In addition, it must be ensured that application variables that are no longer required are deleted, since otherwise the memory of the web server is unnecessarily loaded and cluttered, which shows up as a drastic loss of performance.

Final remark

The possibility presented here can prevent the visitor from entering data twice in a database within a user session. However, a page that has already been visited could still be reached with the browser's 'Forward' or 'Back' buttons. If you want to prevent this, you can use another trick by setting the expiration date for an ASP page to "Immediately" at the beginning of every ASP script:

Response.Expires = 0
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "cache-control", "no-store"

This causes most browsers to stop displaying the page when using the 'forward' or 'back' buttons.


© 2000-2006
All rights reserved. The content of these pages is copyrighted.
A transfer of texts (even in part) or graphics requires our written consent.