aspose file tools*
The moose likes Servlets and the fly likes logout problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "logout problem" Watch "logout problem" New topic
Author

logout problem

Adewale Adebusoye
Ranch Hand

Joined: Sep 28, 2005
Posts: 118
in my web application, when the user logs out, he or she is redirected to a logout page. the problem is that when the user clicks the "back" button on the browser, he or she is still able to get back into the application.This could constitute a serious security risk. Please how do i get around this?


"Human beings can alter their lives by altering their state of mind" William James
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
You got to use response Headers to solve this issue



Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
Adewale Adebusoye
Ranch Hand

Joined: Sep 28, 2005
Posts: 118
thanks vishnu but where exactly do i insert the code? because its when the user clicks the signout hyperlink that it calls the signout page. theres no servlet/jsp in between even though its part of the overall application.
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
Include these response headers in those web components(servlets/jsp) which shouldn't be cached(stored) by the browser
Saket Barve
Ranch Hand

Joined: Dec 19, 2002
Posts: 229
It might just be better to abstract out the content into a separate include directive.

Saket
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
Very good idea. You can even use tag files a latest include in JSP 2.0
Adewale Adebusoye
Ranch Hand

Joined: Sep 28, 2005
Posts: 118
thanks vishnu, i did it and it worked. you're the man.
 
Don't get me started about those stupid light bulbs.
 
subject: logout problem