Hi friends, I develop an web application using JSP/Servlets. Where there are three types of users are there(Admin,Customer,Vendor). * After they login a new sesion ID is created and when they press Logout it invalidates the sesion. But when i click the back button,it goes to the previous page and can able to use the options available for the user who is already logged out. * At the same time two users cant able to login the system like Admin and customer. What may be the problem.
Any help would be appreciated
Never try to be a hard-worker. Be a smart-worker.
Firstly it looks like you need to add some 'no-cache' code to your secured pages. This prevents them being retained on the client machine and therefore being able to be retrieved without resubmitting the request.
Secondly, this sounds like either a state problem, maybe the servet has instance fields?