File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Logout is not properly working in struts2 please help me Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Logout is not properly working in struts2 please help me" Watch "Logout is not properly working in struts2 please help me" New topic

Logout is not properly working in struts2 please help me

nalamati satyanarayana
Ranch Hand

Joined: Dec 16, 2005
Posts: 39
Hi all,
This is satya i developed logging/logout application using struts like
First i developed Logging interceptor this will authenticate and it will display success ful jsp then if i click on logout it will redireect to login jsp but after that if i click on
back on browser again it displaying successful jsp

Anybody please help me out to how to resolve this problem

My intrceptor code like this

* A Struts 2 interceptor that implements a login system.
public class LoginInterceptor extends AbstractInterceptor implements StrutsStatics {

private static final long serialVersionUID = 1L;
private SecurityManager securityManager;
private static final Log log = LogFactory.getLog (LoginInterceptor.class);
private static final String USER_HANDLE = "QUADRAN_USER_SESSSION_HANDLE";
private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
private static final String USERNAME = "QUADRAN_USERNAME";
private static final String PASSWORD = "QUADRAN_PASSWORD";

public void init () { ("Intializing LoginInterceptor");

public void destroy () {}

public String intercept (ActionInvocation invocation) throws Exception {
// Get the action context from the invocation so we can access the
// HttpServletRequest and HttpSession objects.
final ActionContext context = invocation.getInvocationContext ();
HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST);
HttpSession session = request.getSession (true);

// Is there a "user" object stored in the user's HttpSession?
Object user = session.getAttribute (USER_HANDLE);
if (user == null) {
// The user has not logged in yet.

// Is the user attempting to log in right now?
String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
if (! StringUtils.isBlank (loginAttempt) ) { // The user is attempting to log in.

// Process the user's login attempt.
if (processLoginAttempt (request, session) ) {
// The login succeeded send them the login-success page.
return "login-success";
} else {
// The login failed. Set an error if we can on the action.
Object action = invocation.getAction ();
if (action instanceof com.opensymphony.xwork2.ValidationAware) {
((com.opensymphony.xwork2.ValidationAware) action).addActionError ("Username or password incorrect.");

// Either the login attempt failed or the user hasn't tried to login yet,
// and we need to send the login form.
return "login";
} else {
return invocation.invoke ();

* Attempt to process the user's login attempt delegating the work to the
* SecurityManager.
public boolean processLoginAttempt (HttpServletRequest request, HttpSession session) {
// Get the username and password submitted by the user from the HttpRequest.
String username = request.getParameter (USERNAME);
String password = request.getParameter (PASSWORD);

SecurityManagerImpl s= new SecurityManagerImpl();
// Use the security manager to validate the user's username and password.
Object user = s.login (username, password);

if (user != null) {
// The user has successfully logged in. Store their user object in
// their HttpSession. Then return true.
session.setAttribute (USER_HANDLE, user);

return true;
} else {
// The user did not successfully log in. Return false.
return false;

public void setSecurityManager (SecurityManager in) {
log.debug ("Setting security manager using: " + in.toString () );
this.securityManager = in;

My logout action code below

session = (SessionMap<String, Object>)ActionContext.getContext().getSession();

System.out.println("removing: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));

System.out.println("removed - sreedevi: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));
return SUCCESS;

Nitesh Kant

Joined: Feb 25, 2007
Posts: 1638

CarefullyChooseOneForum while posting. Moving to struts forum.

apigee, a better way to API!
David Newton

Joined: Sep 29, 2008
Posts: 12617

Please UseCodeTags; code is quite difficult to read without them.

You'll need to disable caching, otherwise the browser will just show what it already has.
Pawan Kalyan
Ranch Hand

Joined: Jun 18, 2009
Posts: 34
Hey try this code in the page you navigate to after login page. ( Ex: Put this code in welcome.jsp after you login from login.jsp)


response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0);

<script language="JavaScript">
var x=window.history.length;
if (window.history[x]!=window.location)

and use the response.setHeader part in every jsp in the Head section so that the browser wont cache.

This will work for 100%

Rob Spoor

Joined: Oct 27, 2005
Posts: 20273

Moving to Struts (as I should've done before).

How To Ask Questions How To Answer Questions
I agree. Here's the link:
subject: Logout is not properly working in struts2 please help me
jQuery in Action, 3rd edition