Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

After logout,browser back button shows web page expired,on refreshing it send request and shows data

 
Shailesh Kumar Saxena
Greenhorn
Posts: 25
Hibernate Java Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi everybody,
I am developing some registration application using struts 1.3.8. I maintained the session as on each registration or login the request goes to
particular Action class, where I am checking for session attribute 'eid' , if it is there I am sending the control to Inbox page(in case of login request)
or to another page that displays 'you need to log out for registration'(in case of registration request). If session is not there I am creating a new
session and putting all the details in session.On logout control goes to an Action class calls session.invalidate() and then control goes to a page that
shows the message that you are successfully log out. I am using this on each jsp page to restrict the caching



and this in head tag of each html content



My problem is after logout when going to back button it is showing web page expired(But I want it should go to login page),
Moreover while displaying web page expired if I am refreshing the page it is showing alert that "you need to resend information...."
And again request is going to particular Action class and without asking for any thing(user name or password) it is again
going to last user's Inbox page(it seems all previous details are also going with this resend and all logic of Action class is executing)

But it is not supposed to happen. Any help? Any idea? Any suggestion?
 
Joe Ess
Bartender
Posts: 9311
10
Linux Mac OS X Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have any other security set up, like basic declarative security or checking the user session?
 
Shailesh Kumar Saxena
Greenhorn
Posts: 25
Hibernate Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Joe,

I am checking for session. on Login I am creating a session and when user clicks on logout it checks for session if eid is not there in session , it sends the control to login page.
I got a temporary solution through googling that is to use javascript disabling the back button on logout page. But it is not the actual one I want.
I am much curious how people are successfully implementing the session on social site like fb and orkut?
 
Joe Ess
Bartender
Posts: 9311
10
Linux Mac OS X Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You have to secure every resource. You could disable the back button, but the user could still put the URL in the browser address bar. I linked to the JEE standard method in my previous post. There are also third party security API's, like Spring Security.
 
Gaurav Manral
Greenhorn
Posts: 17
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have the same problem.
after logout, when i click back button it goes back to the previous page.
BUT if i refresh this previous page then it redirects to the login page.
I want, when i click the Back button, it redirect to the login page.
Please tel me JOE how you solve this problem.
 
Jaames Smith
Greenhorn
Posts: 9
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just a suggestion, don't use Struts 1. Its has already reached EOL.
If you have to for some reason use Filters and check if user is in session.
Do not give access to JSP directly, it should be from Action class.
When user logout invalidate session in action class.



Also if you don't want jsp pages cached then use this scriplet in JSP page:

 
Gaurav Manral
Greenhorn
Posts: 17
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jaames Smith. It was a quiet helpful.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic