This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JSP and the fly likes session management for logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "session management for logout" Watch "session management for logout" New topic
Author

session management for logout

Vishal Bhavsar
Greenhorn

Joined: Apr 18, 2011
Posts: 1
hi friends,
i m developing a web application where i have provided the facility for user login. I can allow user to login successfully. when user logs out, he is directed to the login page. but when he presses BACK button of the browser, he is again redirected to the previous page. i m using jsp for session management. can anybody solve my problem by giving a simple example, please.....
Deepakkumar Devarajan
Ranch Hand

Joined: Apr 19, 2011
Posts: 54

Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps

Regards,
Deepakkumar Devarajan
Robin John
Ranch Hand

Joined: Sep 10, 2008
Posts: 270

Are you sure that after you log out, you just want to direct it back to Login page and handle that client side ?

Usually you would go for destroying the session, time it out... save any data if required so why dont you go for a session listener and use the 'destroy' method to do so and use the action to come back to the login page again ....

and I assume that you dont want the user to move back and do any more editing in your web application...so again, are you are validating the authority of the user everytime you traverse through your pages?... if yes.. just go to the exception page (or login page) if the user is trying to go back after logout using a listener or an action.


Time is what we want the most, but what we use the worst. -- William Penn
Prasad Krishnegowda
Ranch Hand

Joined: Apr 25, 2010
Posts: 507

This problem, has got nothing to do with sessions, its the problem with browser caching the page, when user clicks back, browser is showing you a cached page. So declare no-cache as true in JSP. I assume that, you are doing session.invalidate() after, once user clicks logout. If not, first destroy/invalidate the session..


Regards, Prasad
SCJP 5 (93%)
Raman Ghai
Ranch Hand

Joined: Jan 01, 2012
Posts: 51
Deepakkumar Devarajan wrote:Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps

Hi there ,
I had the same problem , so I have used your code in logout.jsp page like this .

Is this the right way to do this ?
When I click on button , the page goes to index.jsp and when I click the back button, it does not go back to logout.jsp page. That is what I want. However , I want to make sure that this is done the RIGHT WAY.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Raman Ghai
Ranch Hand

Joined: Jan 01, 2012
Posts: 51
Bear Bibeault wrote:Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.

What if I am doing on logout ?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

That will do nothing either to the cached pages. If you don't want the pages to be cached, hacks aren't going to do anything for you. Read the ServletsFaq and JspFaq for information on cached control.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session management for logout
 
Similar Threads
session help?
Single login for a Particular url
Redirect user to login page after session expires
Issue in session manegement
handling session time out