At line 2 you are getting null as output, which clearly means that the session is invalidated properly. I don't exactly know how you are checking each request, whether it's authentic or not, but if your authentication is correct, then the user might be able to press back and go to the previous page (put the headers given here in your JSP page, then this will not happen) but the user should not be able to do anything useful. If the user is able to press back and do stuff, then it might indicate broken security in your application, as unauthenticated users might be able to get access to the application...
Ganeshkumar cheekati wrote: Still I am getting the same problem, back button works fine..
This is a little confusing for me. When you say "back button works fine", does it mean the back button is still taking you to the previous page?? The headers given in that FAQ must be put on pages that you don't want your browser to cache, i.e. the ones that require the user to be logged in. Also, as I said earlier, this might also be a security issue (if I'm not missing something). On pages/actions that require the user to be logged in, are you actually checking if the user is logged in??
That means I am still getting the previous page..... You mean I have to put those headers in the JSP where I have the logout button, right... I did the same thing...