Two Laptop Bag*
The moose likes Struts and the fly likes After logout,browser back button shows web page expired,on refreshing it send request and shows data Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "After logout,browser back button shows web page expired,on refreshing it send request and shows data" Watch "After logout,browser back button shows web page expired,on refreshing it send request and shows data" New topic
Author

After logout,browser back button shows web page expired,on refreshing it send request and shows data

Shailesh Kumar Saxena
Greenhorn

Joined: Dec 15, 2012
Posts: 25

hi everybody,
I am developing some registration application using struts 1.3.8. I maintained the session as on each registration or login the request goes to
particular Action class, where I am checking for session attribute 'eid' , if it is there I am sending the control to Inbox page(in case of login request)
or to another page that displays 'you need to log out for registration'(in case of registration request). If session is not there I am creating a new
session and putting all the details in session.On logout control goes to an Action class calls session.invalidate() and then control goes to a page that
shows the message that you are successfully log out. I am using this on each jsp page to restrict the caching



and this in head tag of each html content



My problem is after logout when going to back button it is showing web page expired(But I want it should go to login page),
Moreover while displaying web page expired if I am refreshing the page it is showing alert that "you need to resend information...."
And again request is going to particular Action class and without asking for any thing(user name or password) it is again
going to last user's Inbox page(it seems all previous details are also going with this resend and all logic of Action class is executing)

But it is not supposed to happen. Any help? Any idea? Any suggestion?


Shailesh Saxena,
Pilibhit, U.P. INDIA
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8843
    
    7

Do you have any other security set up, like basic declarative security or checking the user session?


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
Shailesh Kumar Saxena
Greenhorn

Joined: Dec 15, 2012
Posts: 25

Hi Joe,

I am checking for session. on Login I am creating a session and when user clicks on logout it checks for session if eid is not there in session , it sends the control to login page.
I got a temporary solution through googling that is to use javascript disabling the back button on logout page. But it is not the actual one I want.
I am much curious how people are successfully implementing the session on social site like fb and orkut?
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8843
    
    7

You have to secure every resource. You could disable the back button, but the user could still put the URL in the browser address bar. I linked to the JEE standard method in my previous post. There are also third party security API's, like Spring Security.
Gaurav Manral
Greenhorn

Joined: Jun 29, 2012
Posts: 17

I have the same problem.
after logout, when i click back button it goes back to the previous page.
BUT if i refresh this previous page then it redirects to the login page.
I want, when i click the Back button, it redirect to the login page.
Please tel me JOE how you solve this problem.


Forgive your enemies, but never forget their names.
Jaames Smith
Greenhorn

Joined: May 28, 2013
Posts: 9
Just a suggestion, don't use Struts 1. Its has already reached EOL.
If you have to for some reason use Filters and check if user is in session.
Do not give access to JSP directly, it should be from Action class.
When user logout invalidate session in action class.



Also if you don't want jsp pages cached then use this scriplet in JSP page:

Gaurav Manral
Greenhorn

Joined: Jun 29, 2012
Posts: 17

Thanks Jaames Smith. It was a quiet helpful.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: After logout,browser back button shows web page expired,on refreshing it send request and shows data
 
Similar Threads
logout back button problem
invalidate session object in struts2
Caching is not working
After Logout still keeping session
Log out Functionality for my Web Application