To prevent user to go back after logout i used following code in home.jsp page
<%
if (session.getAttribute("authe") != null && session.getAttribute("authe").equals(true)) {
}
else {
response.sendRedirect("login.jsp");
}
%>
and I invalidated the session in logout.jsp.
It worked fine but when I pressed back button after logout it still goes to home page but after reloading that home page it moves to the login page. I thought it it due to the browser default action.
How to make it to work effectively?
To prevent user to go back after logout i used following code in home.jsp page
<%
if (session.getAttribute("authe") != null && session.getAttribute("authe").equals(true)) {
}
else {
response.sendRedirect("login.jsp");
}
%>
and I invalidated the session in logout.jsp.
It worked fine but when I pressed back button after logout it still goes to home page but after reloading that home page it moves to the login page. I thought it it due to the browser default action.
How to make it to work effectively?
Share Improve this question edited Jul 30, 2017 at 8:30 xlm 7,64415 gold badges58 silver badges60 bronze badges asked Oct 13, 2013 at 16:50 manchumanchu 551 gold badge2 silver badges7 bronze badges 1- Have you ruled out caching? – Brandon Commented Oct 13, 2013 at 17:01
2 Answers
Reset to default 6In home.jsp put header as no-cache:
<%
response.addHeader("Cache-Control", "no-cache,no-store,private,must-revalidate,max-stale=0,post-check=0,pre-check=0");
response.addHeader("Pragma", "no-cache");
response.addDateHeader ("Expires", 0);
%>
You can use:
<%
try {
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", 0);
if (session.getAttribute("userid")==null) {
response.sendRediredirect("login.jsp");
}
else {}
}
catch(Exception ex) {
out.println(ex);
}
%>