<% // I invalidate all my session when i logout and comes on Login.jsp page but if i go back still it open previous pages How i can stop these i am adding these line in avery jsp page 1) response.setHeader("Pragma","no-cache"); response.setHeader("Cache-Control","no-cache"); response.setDateHeader("Expires", 0); %>
2) and in Logout.jsp session.invalidate(); response.sendRedirect("Login.jsp");
still on reaching login page i can move to previous page by clicking back button
What this code makes is that once you log out you will be directed to login.jsp page and once this page is displayed then even by clicking the browser back button you will see the same login page again and again. So in this way you can prevent the user going back to previous page once he is logged out.
I don't know of any way to disable the back / forward buttons reliably either.
However, if a user logs out and uses the back button to go back into your site and tries to submit(reSubmit) anything from that page, your code should recognize the session is not valid and forward the user to the login page.
Joined: Dec 19, 2004
Wait a min. When a user clicks the back button then the request is not sent to server instead the cached page from the client is displayed.
I want to prevent the user to go back to see the page if he /she has logged out. But how yahoo has managed it. I logged out of yahoo account and it prevented me to go back to previous page (It displayed the contents for few seconds !!)
So I guess the problem still persists posted by Yong Ming Wai..Right ?