This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes Logout problems Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Logout problems" Watch "Logout problems" New topic
Author

Logout problems

shashikant nagavarapu
Greenhorn

Joined: Jul 08, 2005
Posts: 26
I am facing a strange problem related to history. I am working on a web-application which requires authentication.Logging off
using the following code:

<%
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
if (session != null)
{
session.removeAttribute("sessionID");
session.removeAttribute("userID");
session.invalidate();
}
%>
<jsp:forward page="login.jsp" />

After this I see the login page.

The problem is if the user clicks back buton he sees the previous page
containing all information which I want to restrict. I am checking for
sessionID and userID in the header.jsp page common for all pages in
the application. But still the pages are being displayed based on history.

header.jsp code:

<%
if (((String)session.getAttribute("sessionID")) == null)
{
%>
<jsp:forward page="/login.jsp" />
<%
}
else if (((String)session.getAttribute("userID")) == null)
{
%>
<jsp:forward page="/login.jsp" />
<%
}
else
{
%>

show the page content



Any help would be appreciated.
Thanks
moh sak
Ranch Hand

Joined: May 11, 2005
Posts: 78
Hi, try clearing the cach using this code, and please let me know if it does work or not
shashikant nagavarapu
Greenhorn

Joined: Jul 08, 2005
Posts: 26
Thankx for answer but it did not work. On clicking back the pages are still accessible with the content
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
Are you sending out the above 3 response headers in all the restricted content pages as well? I normally do this with a NoCacheFIlter.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Logout problems
 
Similar Threads
Session is not working
What to the holy cache is that???
Logout, Browser back button problem
Session variables in Netscape 4.76?
Disabling forward and back button in IE