File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Browsing with the back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Browsing with the back button" Watch "Browsing with the back button" New topic

Browsing with the back button

Jason Kwok
Ranch Hand

Joined: Mar 31, 2005
Posts: 126

I've made an application that shows user account information. The user can logout and I use session.invalidate() to remove the user information from the session.

In each .jsp page, I have code to check if the user info is null or not. If it is null, it's supposed to forward the user to the login screen which it does. However after a user logs out, if someone else were to come in and use the back button, they would see the user's account information. How can I stop this??
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
Adding this code to your jsp will cause most browsers to not cache the response:

See the spec for more info.
Jason Kwok
Ranch Hand

Joined: Mar 31, 2005
Posts: 126
That's perfect Scott, thank you so much!
A Kumar
Ranch Hand

Joined: Jul 04, 2004
Posts: 980
You can also make use of filters that check whether the session is valid or not...
I agree. Here's the link:
subject: Browsing with the back button
It's not a secret anymore!