I used a HTML page to accept username and password. The params are accepted by a servlet that checks them. If accepted, it redirects to servlet Home otherwise redirects to an errorpage.
On successful login the values are put in session so that it can be displayed in all other pages.
Now, the problem part. When logout is clicked, the user should logout ... i used session.invalidate() to do this.... and then redirect to login page again.......but if i click the Back button in browser. . . it works as usual
your session is already invalidated. But when you click on back it shows last page you access, means at that page you are not check for session. So make always check for session, if session available or not. If session available process for further otherwise redirect to login page.