Perhaps you are looking at a cached page ? It might also be that your logic could be at fault. I am not sure what you mean by logging into the super admin's page. What I picture here is, you have a page - welcome.jsp and some menus are available only for super admins ? Or do you have separate pages for users and the servlet redirection logic is at fault ?
Thankyou John for your reply. let me explain the program..
There is a page called index.jsp. There is a leftmenu where the permission to view the menu items is coming from the database. When a user don't have the permission to view the page it won't show that page also.
All the user details like - userid, firstname, lastname, main-menu setting, sub-menu setting, edit, delete permission is stored in the session.
So when i signout, i'm invalidating the session.but it is cached somewhere and when i login as another user it is bringing the one which i logged in before.. and when i press F5 key in the keyboard, it is showing the current user details.
Can you please attach the piece of code that you use to identify the user role? If you are using session.invalidate(), it is unlikely that any value will be retrieved from the session object again. It is supposed to throw IllegalStateException if any method is called on an invalidated session.