Reputation: 33
I have some 30 JSP pages with login and logout. I have put all the pages in the session, so that only a valid user can have access. Now the problem is, whenever the user hits logout, the session gets invalidated, but if the user presses the browser's back button, it still displays the secured pages (which shouldn't get displayed).
I got to know that the problem was with the browser, which holds the cache and history. So I applied response.setheader("cache-control",.....) etc. on secured pages and also window.history.go(+1) in the body of secured pages.
It works fine to some extent, but once in a while it displays the secured pages. Also, once the user logs in, the session starts, and while he is inside the website, the back button should work for him without any hassle (without prompting the user to resend the form data). Once he logs out, the session should end and he should not be able to access the pages anymore by hitting the back button. Is there any way to achieve this?
Upvotes: 1
Views: 1348
Reputation: 240870
1. For checking whether the user is authenticated, don't use code in the JSP. We have Filter for exactly that; make use of it.
2. Make your Filter do the following to resolve the caching issue:
HttpServletResponse hsr = (HttpServletResponse) response;
hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
hsr.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(request, response);
3. Remove the JavaScript.
Upvotes: 5