I'm making a JSP application and I want that when user clicks on the log out button then he must be presented with a login page so this I'm able to do by invalidating the session object and redirecting to login page... but now in addition to it I want that when the user clicks the back button of the browser button, he must not be able to go back but instead he must be given the login page only thanx in advance for the reply
IT Revolution Welcome to the Java Ranch, we hope you�ll enjoy visiting as a regular however, your name is not in keeping with our naming policy here at the ranch. Please change your display name to an appropriate name as shown in the policy. Thanks again and we hope to see you around the ranch!!
As for your problem: set a variable in the session. Then just check on each of your pages to see if they are logged in or not. If not then redirect to the login page.
Originally posted by IT Revolution: Here is a way to solve this.Set the user Id in session whenever user successfully logs into ur system .After logging,out check the session attribute in which u set the user ID as value..u will get null value.so after session is invalidated, check the user ID from session on every user action..and send redirect the request to Login page again i hope this would solev ur problem..Isnt it easy I'm making a JSP application and I want that when user clicks on the log out button then he must be presented with a login page so this I'm able to do by invalidating the session object and redirecting to login page... but now in addition to it I want that when the user clicks the back button of the browser button, he must not be able to go back but instead he must be given the login page only thanx in advance for the reply
Hi thanx for the reply..but please can you tell me how to check the user action so that we can redirect him to the Login page..like how can we check the user action that he is clicking the back button of the browser? thanx for the reply...
Bip Bob Please do not cross post your questions to multiple forums. Most of the visitors here read in many of the forums and it is frustrating to see the same question repeated over and over. You have a better chance of getting a correct and timely answer if you post it to the most appropriate forum instead of using the shotgun approach and hoping you'll hit something. [ July 11, 2002: Message edited by: Dave Vick ]
but still it goes back....which is the appropriate method to implement this?
There is a (partial) answer to your question in the original post you made in JSP...
Piyush links you to an article describing how to turn off page caching. It's a known 'difficulty' to get all browsers to behave properly, and IE seems to be the bad-guy in most cases, but this is your best option.
Let's imagine a sequence of pages: page1, page2, page3, page4. As a real-world example, lets say that pages 1-3 are a wizard (a bunch of forms) and page4 logs you out of the application. There is just *no* way to determine if a user's request for page3 was because they clicked on the link or submit button on page2, or if they used the browser's back button from page4.
The difficulty is this: the browser either caches the page, and so a 'back button' doesn't actually hit the server-side again, or the browser will re-submit the original request, and so a back-button from page4 to page3 looks to the server like a request from page2 to page3.
Solution: implement the no-cache strategy to force each request to hit the server side, thus ensuring you can make 'state' checks.
The second half of this is: On *every* single request, check to see if they are logged in (if their session is valid). If page4 invalidates their session (it logs them out) and they make a request for any other page, including by means of using the back button, then the fact they are logged out can be caught, and they will re-direct to a login page. [ July 11, 2002: Message edited by: Mike Curwen ]