I have created one project.There is one login.jsp page.After successful log in i'm setting user name and password as session attribute then redirect to home page.In home page I created a link to logout.jsp where I have called session.invalidate() then redirect to log in page.But after that if i click browser back button it is going back to home page.Is it due to browser cache ?Whatever be the reason how to resolve it ?
I have a personal grudge against every J2EE author who ever used a "login page" as an example. There's a technical term for people who write their own webapp security code: "pwned". J2EE has a well-developed security system of its own, and in most cases it's more than sufficient to for web application security needs.
However, disregarding my own prejudices, the problem here is that the browser "Back" button doesn't connect directly to the webapp. The "Back" button simply causes the browser to re-submit the URL from the previous page.
An IDE is no substitute for an Intelligent Developer.