File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Redirect to login on 'Back' button in same session? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Redirect to login on Watch "Redirect to login on New topic

Redirect to login on 'Back' button in same session?

Ted Bell
Ranch Hand

Joined: Jan 21, 2002
Posts: 52
Hi all,

Our customer has raised a concern with our web application with the following scenario:

1. User logs in and uses application.
2. User types in new address in browser and navigates off our site without explicitly logging out.
3. User hits 'Back' button and is returned to our application with the original session still active.

I have seen many articles and postings related to controlling the browser cache and redirecting the user to the login when the session has expired or been invalidated, but nothing involving this scenario in which the session is still active. I'm not sure how to control this since we have a valid session. I am researching use of the 'Referer' header to see if this might be a reliable way to test if a request came from within our application, but I suspect this is far from fool-proof.

Anyone come across similar requirements from a customer, or have experience with using 'Referer' to control this?

Thanks for any advice.
murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
Hi Ted,

I think there is no code like session.invalidate() to invalidate the session when doing log out.


you have to write the front controller which check every time whether the session is there created alredy for that user , then only allow that user to access any URL ( nothing but forward that request ) that he types in address bar.
I agree. Here's the link:
subject: Redirect to login on 'Back' button in same session?
It's not a secret anymore!