aspose file tools*
The moose likes JSP and the fly likes Browsing with the back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Browsing with the back button" Watch "Browsing with the back button" New topic
Author

Browsing with the back button

Jason Kwok
Ranch Hand

Joined: Mar 31, 2005
Posts: 126
Hi,

I've made an application that shows user account information. The user can logout and I use session.invalidate() to remove the user information from the session.

In each .jsp page, I have code to check if the user info is null or not. If it is null, it's supposed to forward the user to the login screen which it does. However after a user logs out, if someone else were to come in and use the back button, they would see the user's account information. How can I stop this??
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
Adding this code to your jsp will cause most browsers to not cache the response:



See the spec for more info.
Jason Kwok
Ranch Hand

Joined: Mar 31, 2005
Posts: 126
That's perfect Scott, thank you so much!
A Kumar
Ranch Hand

Joined: Jul 04, 2004
Posts: 979
You can also make use of filters that check whether the session is valid or not...
 
wood burning stoves
 
subject: Browsing with the back button