Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Al Hobbs
  • salvin francis

Logout is not properly working in struts2 please help me

Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
This is satya i developed logging/logout application using struts like
First i developed Logging interceptor this will authenticate and it will display success ful jsp then if i click on logout it will redireect to login jsp but after that if i click on
back on browser again it displaying successful jsp

Anybody please help me out to how to resolve this problem

My intrceptor code like this

* A Struts 2 interceptor that implements a login system.
public class LoginInterceptor extends AbstractInterceptor implements StrutsStatics {

private static final long serialVersionUID = 1L;
private SecurityManager securityManager;
private static final Log log = LogFactory.getLog (LoginInterceptor.class);
private static final String USER_HANDLE = "QUADRAN_USER_SESSSION_HANDLE";
private static final String LOGIN_ATTEMPT = "QUADRAN_LOGIN_ATTEMPT";
private static final String USERNAME = "QUADRAN_USERNAME";
private static final String PASSWORD = "QUADRAN_PASSWORD";

public void init () { ("Intializing LoginInterceptor");

public void destroy () {}

public String intercept (ActionInvocation invocation) throws Exception {
// Get the action context from the invocation so we can access the
// HttpServletRequest and HttpSession objects.
final ActionContext context = invocation.getInvocationContext ();
HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST);
HttpSession session = request.getSession (true);

// Is there a "user" object stored in the user's HttpSession?
Object user = session.getAttribute (USER_HANDLE);
if (user == null) {
// The user has not logged in yet.

// Is the user attempting to log in right now?
String loginAttempt = request.getParameter (LOGIN_ATTEMPT);
if (! StringUtils.isBlank (loginAttempt) ) { // The user is attempting to log in.

// Process the user's login attempt.
if (processLoginAttempt (request, session) ) {
// The login succeeded send them the login-success page.
return "login-success";
} else {
// The login failed. Set an error if we can on the action.
Object action = invocation.getAction ();
if (action instanceof com.opensymphony.xwork2.ValidationAware) {
((com.opensymphony.xwork2.ValidationAware) action).addActionError ("Username or password incorrect.");

// Either the login attempt failed or the user hasn't tried to login yet,
// and we need to send the login form.
return "login";
} else {
return invocation.invoke ();

* Attempt to process the user's login attempt delegating the work to the
* SecurityManager.
public boolean processLoginAttempt (HttpServletRequest request, HttpSession session) {
// Get the username and password submitted by the user from the HttpRequest.
String username = request.getParameter (USERNAME);
String password = request.getParameter (PASSWORD);

SecurityManagerImpl s= new SecurityManagerImpl();
// Use the security manager to validate the user's username and password.
Object user = s.login (username, password);

if (user != null) {
// The user has successfully logged in. Store their user object in
// their HttpSession. Then return true.
session.setAttribute (USER_HANDLE, user);

return true;
} else {
// The user did not successfully log in. Return false.
return false;

public void setSecurityManager (SecurityManager in) {
log.debug ("Setting security manager using: " + in.toString () );
this.securityManager = in;

My logout action code below

session = (SessionMap<String, Object>)ActionContext.getContext().getSession();

System.out.println("removing: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));

System.out.println("removed - sreedevi: login "+session.get("QUADRAN_USER_SESSSION_HANDLE"));
return SUCCESS;

Posts: 1638
IntelliJ IDE MySQL Database Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
CarefullyChooseOneForum while posting. Moving to struts forum.
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please UseCodeTags; code is quite difficult to read without them.

You'll need to disable caching, otherwise the browser will just show what it already has.
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey try this code in the page you navigate to after login page. ( Ex: Put this code in welcome.jsp after you login from login.jsp)


response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0);

<script language="JavaScript">
var x=window.history.length;
if (window.history[x]!=window.location)

and use the response.setHeader part in every jsp in the Head section so that the browser wont cache.

This will work for 100%

Posts: 22509
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Moving to Struts (as I should've done before).
    Bookmark Topic Watch Topic
  • New Topic