Logout The Session

Hello All,
I have one problem in maintaining session and removing session.
when i press logout button it has to close the session here if i press Back button or Forward button it has to say that session has beeen closed pls login once again
These r the files
Index.html
html>
<body>
<form action=first.jsp method="post">
<pre><center><p> </p><p> </p><p> </p><p> </p>
UserName:<input type=text name=un><br>
Password:<input type=password name=pw><br>
<input type=Submit name=Login value=Login>
</form>
</body>
</html>
first.jsp
<html>
<title>Test</title>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body background="back_right.gif">

<%
String u_name="";
String p_word="";

u_name=request.getParameter("un");
p_word=request.getParameter("pw");
session.setAttribute("USERNAME",u_name);
session.setAttribute("PASSWORD",p_word);
String un =(String)session.getAttribute("USERNAME");
String pw =(String)session.getAttribute("PASSWORD");



%>
<% if (un.equals("ravi")&& pw.equals("ravi")) {
%>
<jsp:include page="second.jsp" />
<% }else out.println("Hello"); %>
<%
%>
</body>
</html>
second.jsp
<html>
<head>
<title></title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body >

<%
String UN=(String)session.getAttribute("USERNAME");
String PW=(String)session.getAttribute("PASSWORD");

if (UN.equals("ravi")&& PW.equals("ravi"))
{
out.println("Hay");
}else
out.println("Hello");
%>
<center>
The values of session are
<%= UN %>
<%= PW %>
<form action="logout.jsp" method="post">
<input type=submit value=Logoff>
</form>
</body>
</html>
logout.jsp
<HTML>
<HEAD>
</HEAD>
<BODY onunload="JavaScript:writeCookies(1)">
<%
session.removeAttribute("USERNAME");
session.removeAttribute("PASSWORD");
if(session.equals(""))
{
response.sendRedirect("index.html");
}
%>
</BODY>
</HTML>

You really should use the invalidate() method to discard the session. That will ensure that the previous login is totally gone. The code
if(session.equals("")) {
is totally meaningless since a session will never equal a String.
Bill

Yep, & maybe u could check if(UN==null) which means no user name(out-of-seesion) & add the following code to all ur .jsp pages :-
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
This thing is working for me even with the Back Button

Originally posted by Vedhas Pitkar:
Yep, & maybe u could check if(UN==null) which means no user name(out-of-seesion) & add the following code to all ur .jsp pages :-
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
This thing is working for me even with the Back Button

I would not suggest that you add the code to all of your .jsp pages. This is a maintenance nightmare! I would suggest using a Filter to add the headers. This way, you avoid the headache of doing a search/replace if you ever want to change this functionality.