Java seeking referer

喜你入骨 submitted on 2019-12-11 04:24:00

Question


I am using Struts and Java. The problem is that I have a page with some results. The user can click an item and edit it. After editing, I want the user to be able to return to the results. Back isn't broken, but if he submits the form for update he would have to click back 2 times, I think, and may have a problem.

I have tried header("Referer") but this doesn't work in Internet Explorer.

I am trying to implement a solution. Any ideas? My idea is to save the URL and move around an ID of that URL, and when I want to return, get the URL from the ID. Storing it in the session is not a solution because the user may have opened multiple windows.


Answer 1:


The best way is to pass it around as a request parameter. On the edit link or button, just pass the current URL along as a request parameter. Here's an example with a link:

<a href="/login?from=${pageContext.request.requestURI}">edit</a>

Or if it's a button to submit a form, then rather pass it as a hidden input value in the same form:

<input type="hidden" name="from" value="${pageContext.request.requestURI}">

In the page with the edit form, transfer it to the subsequent request as a hidden input value of the form:

<input type="hidden" name="from" value="${param.from}">

In the action method, just redirect to that URL after finishing the action. Since I don't do Struts, I can't give a detailed Struts example, but here is how you would do it with a "plain vanilla" Servlet; you must be able to port it to a Struts approach:

response.sendRedirect(request.getParameter("from"));



Answer 2:


Passing a URL as a request parameter may create security issues. Powerlord is right that the USER can alter the referrer header. This will allow the user to visit a page, something they can do anyway. More seriously, following a URL that is in a request parameter allows an attacker to send the user to a page of the attacker's choice, with the appearance that this page is recommended by your application. So the answer from BalusC can enable Cross-Site Request Forgery.
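
Added example (not part of the original thread or either answer): one way to keep the `from` parameter from Answer 1 while addressing the concern raised in Answer 2 is to accept only local, path-only targets before calling `sendRedirect`. The class name `SafeRedirect`, the method `safeTarget` and the `/results` fallback are assumptions for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SafeRedirect {

    // Hypothetical fallback page; the original post names no such path.
    static final String FALLBACK = "/results";

    /** Returns `from` only if it is a local, path-only URL; otherwise the fallback. */
    static String safeTarget(String from) {
        if (from == null || from.isEmpty()) return FALLBACK;
        // Must be an absolute path on this host: "/x", never "//host" or "/\host",
        // which browsers treat as pointing at another host.
        if (from.charAt(0) != '/' || from.startsWith("//") || from.startsWith("/\\")) return FALLBACK;
        // Reject control characters (CR/LF header splitting) and backslashes anywhere.
        for (int i = 0; i < from.length(); i++) {
            char c = from.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\') return FALLBACK;
        }
        try {
            URI uri = new URI(from);
            // A local path has neither scheme nor authority once parsed.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return FALLBACK;
            // Collapse "/a/../b" so the target is the path actually requested.
            String normalized = uri.normalize().toString();
            return normalized.startsWith("/") && !normalized.startsWith("//") ? normalized : FALLBACK;
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the `from` parameter.
        String[] samples = {
            "/results?page=2", "https://other.example/", "//other.example/",
            "/\\other.example", "/a\r\nSet-Cookie: x=1", "javascript:alert(1)", null
        };
        for (String s : samples) {
            System.out.println(String.valueOf(s).replaceAll("[\\r\\n]", "?") + " -> " + safeTarget(s));
        }
        // In the servlet: response.sendRedirect(safeTarget(request.getParameter("from")));
    }
}
```

Only the first sample is passed through; every other value falls back to `/results`. When the JSP writes `from` back into the hidden field, escaping it with JSTL's `fn:escapeXml` or `<c:out>` keeps the parameter from being rendered as markup.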



Source: https://stackoverflow.com/questions/2608357/java-seeking-referer
