in my web application, when the user logs out, he or she is redirected to a logout page. the problem is that when the user clicks the "back" button on the browser, he or she is still able to get back into the application.This could constitute a serious security risk. Please how do i get around this?
"Human beings can alter their lives by altering their state of mind" William James
thanks vishnu but where exactly do i insert the code? because its when the user clicks the signout hyperlink that it calls the signout page. theres no servlet/jsp in between even though its part of the overall application.
Joined: Nov 15, 2004
Include these response headers in those web components(servlets/jsp) which shouldn't be cached(stored) by the browser