I've made an application that shows user account information. The user can logout and I use session.invalidate() to remove the user information from the session.
In each .jsp page, I have code to check if the user info is null or not. If it is null, it's supposed to forward the user to the login screen which it does. However after a user logs out, if someone else were to come in and use the back button, they would see the user's account information. How can I stop this??