Problems after logout of application
Hi all !!
I m facing a problem that after doing the logout from the application i am trying to click on the back button of the browser and it shows all the contents of the jsp even when the logoutaction invalidates the session......
It doesnot show the page which i made to redirect after i do a logout and the user tries to do the same. ..................
I am using the struts framework and so all the .do actions are displayed even after the user has signed of from the application.>>>>>>>>>>
Any help will be of great use ... please do put in ur inputs in case u know ......
hey i am also getting the same problem i also want some help if you have got the thing from any other source please do share it on the forum
when i click on the logout link the backend page is requested at that page i am in validating the session and farwarding it to login screen but back button of browser takes inside the application
i trie another thing also i am keeping username as a parameter in the session as soon i click on the logout it stores null value for that parameter
session.setParameter("user",null);
and while any page in the application loads it checks if that parameter has some value or not like
<%
if (session.getAttribute("user")==null)
{%><jsp:forward page="login.jsp"/><%}
%>
but with this also i am getting same problem if click back buitton of browser after logout it takes me back irrespective of the above mentiuoned check
Please do help if someone has any solution fore this thing
Have you checked your server logs to see whether the page has actually been "requested" when you clicked the back button? Some browsers may load the page from cache, so nothing you do on the server side can prevent it. You may however add meta tags to your HTML to discourage this.
Assuming you page is really being requested two common approaches are...
1. Use container managed security to restrict the resource to authenticated users. Invalidating the session will require the user to log in again before they can access the page.
2. Use a servlet filter to do pretty much the same thing.
thanxs
i am new to java so its little difficuilt to get the the the thing it will be nice if you can give some more idea about the first solution you have mentioned
moreover
i checked the logs and found that while back the page is not loaded from the server
if we can delete the browser's cache with some command that can also solve the thing please do tell me if it is possible or not
> i am new to java so its little difficuilt to get the the the thing it will be nice if you can give some more idea about the first solution you have mentioned
moreover
Have a go first (google for "container managed security") and come back with specific questions when you get stuck.
> if we can delete the browser's cache
You can't delete the browsers cache, you can only provide a hint that the page should not be cached in the first place.
http://grizzlyweb.com/webmaster/html/metatags.asp
