Don’t punish the back button

The back button on the browser is one of the most used buttons in the browser. It’s used far more often then Stop, Refresh and Forward combined. It’s incredibly useful for getting back to a recently viewed page or canceling a navigation that you didn’t mean to make. Unfortunately some website are punishing users for clicking the back button by displaying error messages.

Why are websites doing this?
Some websites, especially financial websites (paypal and Citizens bank as an example) want to make sure they don’t accidentally process a transaction twice. So instead of writing code to check if the transaction has already occurred they cheat. By adding a single line of code they tell the browser not to cache the page, ever. This in conjunction with the POST setting on a form causes the browser to show an error page when the user clicks back.

Why is this bad?
Users should always feel safe clicking the back button. There should never be a fear that clicking the back button could result in an ugly error message.

The actual error message that is shown is misleading and may cause some users to incorrectly change their dial-up or connection settings.

If the users can’t click the back button they will need to navigate forward to try to find the appropriate page that they want. Because links don’t have to be bi-directional it’s possible that they will not find a path back to the page they wanted.

What to do?
From the code side it is possible to detect this condition and redirect the user gracefully to an appropriate page. It’s also possible to check for duplicate form transactions by flagging each form with a unique identifier. There are several solutions that can be used including the use of cookies, JavaScript and server side re-direction. The key is to avoid breaking the browsing experience.

I recently had to pay two bills online one through Citizens and one through Bank of America. The interfcae between the two is somewhat similar but the attention to detail on the Bank of America site and the ability to use the back button made a huge difference. Bravo to Bank of America for taking the time to do this right.


Do you have a project in mind? We’d love to work with you. If you’d like an opportunity to work on projects with us, check out our Careers page. We’re hiring!

2 thoughts on “Don’t punish the back button”

  1. First of all, i am leaving bank of america for this reason.

    There is no security with a back button.

    Today i was checking my balance made a few transfers and then went to google to serach a few things.

    While conducting my search i hit the back button a few to many times and to my shock and awe, i was back in my bank of america account.

    Ok so i thought maybe it was just a snap shot. No i could navigate around and view each account.

    BoA leaves an open door to leaking my account information. Not to mention they allow you to view your full account number online.

    All secure websites should not allow you to use the back button. As you progress through the website each door should be closed behind you.

    I may not be have millions but i wont stay with a bank that has this poor or security.

  2. Bank of America is one of the few sites that works correctly with the back button. Bravo.

    Their site is session based and secure. After a couple minutes of inactivity your scenario would not have worked. If you had closed the browser or the browser tab it would have worked as well.

    When you navigated away they could have detected that you were leaving the site and asked if you wanted to be logged out but this would cause other issues.

Leave a Comment