News with Image Anywhere - Back Button - Ducument Expired warning

losttrip · 20.03.2020 00:01:30

I have a Hidden NWI page. Hidden because I do not want visitors to have access to this page directly.

I have NWI Anywhere sections on various pages which show specific group posts.

I do not want the user to go back to the Hidden NWI page when they click "Back" at the bottom of the details pages, which is what the default Post Footer action does:

<div class="div_link">
<a href="[BACK]">[TEXT_BACK]</a>
</div>

So, instead, I use this to take them back to the previous page in their browser history:

 <button onclick="goBack()">Go Back</button>

<script>
function goBack() {
  window.history.back();
}
</script>

as suggested here - https://www.w3schools.com/jsref/met_his_back.asp

The issue I am having is when someone clicks the "Go Back" button at the bottom of the Details page, arrived at by clicking the "read more" link in their NWI Anywhere link, they get the following warning:

Document Expired
This document is no longer available.
The requested document is not available in Firefox’s cache.
As a security precaution, Firefox does not automatically re-request sensitive documents.
Click Try Again to re-request the document from the website.

I have tested this in several browsers, and it is consistent.

Does anyone know how to manage this?

losttrip · 20.03.2020 02:56:32

I did some more testing.

This only happens with NWI Anywhere posts that are on the home page, which I click on the read more on the home page without ever going to any other page first. If I go to any page, then return to the home page, all the NWI Anywhere detail page Back links take you safely back to the Home page without any warning.

ALSO...

This only happens when I have the <?php include(dirname(__FILE__).'/frontendlogin.php'); ?> implemented (which I do by default as I have clients testing the site).

Anyway, I don't know if there is any way to avoid this warning when using this password method.

Here is the code, I believe it was from Ruud initially.

<?php 
if(isset($_SESSION['l'])) return true;
if(isset($_POST['pass'])) {
	$password = $_POST['pass'];
	if($password == 'mypassword') {
		$_SESSION['l'] = true;
		return true; 
	}
}
ob_end_clean();
?>
<!DOCTYPE html>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<title>Login</title>
<style>
	* { margin: 0; }
	body{ background: #fff;}
	.box { text-align: center; font:16px verdana; width:345px; margin: 150px auto 0;}
</style>
</head>
<body>
<div class="box">
	<form id='login' method='post' accept-charset='UTF-8'>
	<input style="padding: 10px" type='password' name='pass' id='pass' maxlength="50" />
	<input style="padding: 8px" type='submit' name='Submit' value='Login' />
	</form>
</div>
<script>document.getElementById("pass").focus();</script>
</body>
</html>
<?php exit(); ?>

I just tested without the frontendlogin check and the warnings disappear.

I did a search on google for "window.history.back() Document Expired" and there comments about this being an issue with 'get' and 'post', but they seemed to be talking about when a form was completed and then the user tried to go "back" to the form page after. And I don't understand enough to know what I might try.

It's not a big issue for me. I can tell my clients that the warning will go away after we go live. They can ignore the warning while they check out the test site. I just thought I'd ask, since this is the first time I have experienced this.

webbird · 20.03.2020 11:41:41

losttrip schrieb:

I did a search on google for "window.history.back() Document Expired" and there comments about this being an issue with 'get' and 'post', but they seemed to be talking about when a form was completed and then the user tried to go "back" to the form page after.

This is what I would suspect here, too. In this case, you will get the same error if you just use the browser's [Back] button. Possible scenario:

The page where "Anywhere" is located on (the page where you click on "read more") has GET or POST data which is missing when you go back using JS.

GET or POST data is not limited to forms. Just take a look on the link / location of that page if there's something like "https : //forum.wbce.org/post.php?tid=3504&qid=30665". Anything after ? are GET parameters. To see POST you'd have to look at the network tab in the browser's DEV Tools (F12 in most browsers).

losttrip · 20.03.2020 22:05:48

Thank you for the reply. Yes, I now realize, after further testing, this issue has nothing to do with NWI and the way the 'back' is handled.

I did a test by entering the website on different sub-pages (not the home page) and after entering the password to show the page, I then clicked on any other page link in the nav, and then clicked my browser back button and I always get the "Document Expired" warning.

So, it seems to me, that it might be looking for the password entry again, or something, since this was the page I entered and filled in the password dialogue??? I really have no idea.

Could it be the POST in the third and/or fourth line:

<?php 
if(isset($_SESSION['l'])) return true;
if(isset($_POST['pass'])) {
	$password = $_POST['pass'];
	if($password == 'mypassword') {
		$_SESSION['l'] = true;
		return true; 
	}
}
ob_end_clean();
?>
<!DOCTYPE html>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<title>Login</title>
<style>
	* { margin: 0; }
	body{ background: #fff;}
	.box { text-align: center; font:16px verdana; width:345px; margin: 150px auto 0;}
</style>
</head>
<body>
<div class="box">
	<form id='login' method='post' accept-charset='UTF-8'>
	<input style="padding: 10px" type='password' name='pass' id='pass' maxlength="50" />
	<input style="padding: 8px" type='submit' name='Submit' value='Login' />
	</form>
</div>
<script>document.getElementById("pass").focus();</script>
</body>
</html>
<?php exit(); ?>

I PM'd you the website and pass, if you ever have the time to take a look first hand.

webbird · 26.03.2020 11:16:36

For the fellow readers: This issue was caused by the combination of Ruud's frontend login (post data) and the JavaScript "history.back". So it will go away as soon as the site goes public. (The frontend login is removed.)

There a two possible solutions:

1. If your provider offers folder based password protection (htaccess/htpasswd), use it. You can protect the entire installation - which means you will have to login twice if you go to the backend -, or the pages folder only. I'd suggest the first option.
2. If you need to use JavaScript history.back in a scenario like this, try to use window.location.replace(document.referrer); instead.

WBCE CMS Forum

#1 20.03.2020 00:01:30

News with Image Anywhere - Back Button - Ducument Expired warning

#2 20.03.2020 02:56:32

Re: News with Image Anywhere - Back Button - Ducument Expired warning

#3 20.03.2020 11:41:41

Re: News with Image Anywhere - Back Button - Ducument Expired warning

#4 20.03.2020 22:05:48

Re: News with Image Anywhere - Back Button - Ducument Expired warning

#5 26.03.2020 11:16:36

Re: News with Image Anywhere - Back Button - Ducument Expired warning

Fußzeile des Forums