When I invalidate the session, I can redirect to my log-out page, but if someone hits the back button(due to caching issues) the page is displayed unless you hit refresh.
How an I get around this behaviour, I wish to have it so that you cannot go back and view the page after logout.
The response.seteader method in any case will make IE ask a user after hitting the back button if he/she wants to refresh the page. This will still work if refresh is clicked.
Sessions are rather difficult things. They are often stored on the server, and the invalidate method will not destroy the session. Only items within the session will be removed. Because if you enter a url of an application that only returns an HTML page, but does nothing with the request object, the server will also have made a session.
So as far as I know, making it impossible to go back is almost impossible. My application is made up of actions and normal requests. If you hit Logout after an action, you can not go back with the back button, because the browser tries the action again, but the object needed for it does not exist anymore. You get a NullPointerException in the application and you are re-directed out. But if you go back from a request, there is no trouble whatsoever, because the request can be done without a problem.
Final REMARK: Why would you want to make it impossible to go back ? I mean, that's the great thing about web-based applications. If the user gets strange errors (being generated in the code) it is their own fault for trying to go back on actions they performed, on places going back with the button is not a logical thing to do !!!
have fun programming,
Jeroen.
I am coding an app for sensitive information that once a user logs out, we don't want anybody seeing the page by "accident"
I have solved the problem though, I open the entire application in a window without a back and forward button, then the users are directed to a page displaying "YOU HAVE BEEN LOGGED OUT, press HERE to log back in"
On this page the only thing they can do is to close the browser, which takes them back to the original location they came from in the original browser, or to click on the link that takes them to the login page.
Thank you very much for your input.
W
hi
i am sorry i don't remember the exact code at the moment.and can't get it before monday.
but the concept is on form you catch the click event and then compare if the clicked button is right mouse button if it is true give a lert message this will stop the pop up window of back button from appearing.
sandy
