File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes Getting logout to work effectively in jsp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Getting logout to work effectively in jsp" Watch "Getting logout to work effectively in jsp" New topic
Author

Getting logout to work effectively in jsp

Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi Folks,
Im trying to logout a user from my web application using the servlet code below.

and assigning the above servlet to a logout link, now the above works correctly ,But it would allow the person to be able to see a protected screen below to a particular user by clicking browser back button , even though any action after that forces the user to login . Is there any way I can prevent an unauthorised user from viewing protected content by hitting the back button of the browser?
Thanks

Learning and Learning!-- Java all the way!
Tarun Bolla
Ranch Hand

Joined: Jun 20, 2011
Posts: 89
Hi....
I suggest you use a client side cookie...say IsLoggedIn. if the content of IsLoggedIn is "true"(check in onload javascript), let it be. If its not, redirect to login page. You would set the cookie in server code in login page. You would clear the cookie in server code in logout page. Dont remove any server side validation for session. Keep it as it is...

Hope this helps...
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Thank you for your suggestion!
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Uh just as an update, I found a work around to the situation rather than implementing the client side script on all pages . I cleared the cache through a filter , and solved the problem . May help any one facing similar issues in the future
Tarun Bolla
Ranch Hand

Joined: Jun 20, 2011
Posts: 89
Hi Vic...What do you mean by clearing cache through a filter? Could you elaborate it!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

See the JspFaq.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Getting logout to work effectively in jsp
 
Similar Threads
Logout servlet problem with back button
not able to catch exceptions from jsp page
Send response to login page
Yet another caching trouble
Struts 2 - logout - prevent back button