| Author |
logout problem
|
Adewale Adebusoye
Ranch Hand
Joined: Sep 28, 2005
Posts: 118
|
|
in my web application, when the user logs out, he or she is redirected to a logout page. the problem is that when the user clicks the "back" button on the browser, he or she is still able to get back into the application.This could constitute a serious security risk. Please how do i get around this? 
|
"Human beings can alter their lives by altering their state of mind" William James
|
 |
Vishnu Prakash
Ranch Hand
Joined: Nov 15, 2004
Posts: 1026
|
|
You got to use response Headers to solve this issue
|
Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
|
|
Adewale Adebusoye
Ranch Hand
Joined: Sep 28, 2005
Posts: 118
|
|
|
thanks vishnu but where exactly do i insert the code? because its when the user clicks the signout hyperlink that it calls the signout page. theres no servlet/jsp in between even though its part of the overall application.
|
|
Vishnu Prakash
Ranch Hand
Joined: Nov 15, 2004
Posts: 1026
|
|
|
Include these response headers in those web components(servlets/jsp) which shouldn't be cached(stored) by the browser
|
|
Saket Barve
Ranch Hand
Joined: Dec 19, 2002
Posts: 224
|
|
It might just be better to abstract out the content into a separate include directive.
Saket
|
|
Vishnu Prakash
Ranch Hand
Joined: Nov 15, 2004
Posts: 1026
|
|
|
Very good idea. You can even use tag files a latest include in JSP 2.0
|
|
Adewale Adebusoye
Ranch Hand
Joined: Sep 28, 2005
Posts: 118
|
|
thanks vishnu, i did it and it worked. you're the man. 
|
|
 |
|
|
subject: logout problem
|
|
|
0
