This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I've made an application that shows user account information. The user can logout and I use session.invalidate() to remove the user information from the session.
In each .jsp page, I have code to check if the user info is null or not. If it is null, it's supposed to forward the user to the login screen which it does. However after a user logs out, if someone else were to come in and use the back button, they would see the user's account information. How can I stop this??