Logout problem

<%
// I invalidate all my session when i logout and comes on Login.jsp page but if i go back still it open
previous pages
How i can stop these
i am adding these line in avery jsp page
1)
response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
%>

2) and in Logout.jsp
session.invalidate();
response.sendRedirect("Login.jsp");

still on reaching login page i can move to previous page by clicking back button

Yes , You are right.

The only solution is you have to handle such situations. I mean you have to do little bit of coding to achieve this.

If you are familiar with javascript then use the following code in login.jsp

<script language="javascript">
history.forward(1);
</script>

What this code makes is that once you log out you will be directed to login.jsp page and once this page is displayed then even by clicking the browser back button you will see the same login page again and again. So in this way you can prevent the user going back to previous page once he is logged out.

I hope I am close to what you were expecting !!

Regards
Rohit.

Very clever Rohit.
Does it work if we use drop-down of browers' back button?

Yes ..you are right

I didnt thought about that..

Sorry for previous post

Regards
Rohit.

Originally posted by Rohit Bhagwat:
Yes ..you are right

I didnt thought about that..

Sorry for previous post

Dont be sorry mate. It was a nice thought, though.
Actually Back button has the power.

I don't know of any way to disable the back / forward buttons reliably either.

However, if a user logs out and uses the back button to go back into your site and tries to submit(reSubmit) anything from that page, your code should recognize the session is not valid and forward the user to the login page.

Hey..

Wait a min. When a user clicks the back button then the request is not sent to server instead the cached page from the client is displayed.

I want to prevent the user to go back to see the page if he /she has logged out. But how yahoo has managed it. I logged out of yahoo account and it prevented me to go back to previous page (It displayed the contents for few seconds !!)

So I guess the problem still persists posted by Yong Ming Wai..Right ?

Waiting for replies..

Regards
Rohit.
[ March 19, 2005: Message edited by: Rohit Bhagwat ]

Originally posted by Rohit Bhagwat:

When a user clicks the back button then the request is not sent to server instead the cached page from the client is displayed.

I agree with you !

Yong never told us if he was still able to access same session if he press back button.

but still there is a feature in yahoo that once user sign out he can not view the cached pages.
[ March 19, 2005: Message edited by: Shailesh Chandra ]