I am developping one web site.in that i am using filters concept for authentication purpose.But my problem is when ever user enter his username and password then filter automatically checks this user is exists or not .If exists then controle goes to our member area i.e.,enters into our web site in that so many links if you click on any link then cursor go to that page on that i am loged out the site(for our intrest).then cursor goes to admin page(that is setting in the filter)If this time press Intenet exploror Back Button then control goes to what ever link prevously I am loged out this is the actual problem.
1. Your filter doesn't map to the linked pages. It must cover everything that you want to protect, not just your main page.
2. Even if the filter covers everything, the browser stores the pages in a cache. When the user clicks "Back", the browser can use the cached pages without actually asking the server for the page again. This means the server doesn't even know that the user is viewing the page a second time, so the filter becomes useless.
For case 2, all the pages you want to protect need to set headers that would tell the browser to never cache the pages.
Try putting the following three calls in the doFilter() of the filter:
This way no page retrieved through the filter will be cached by browsers that respect these headers.
Note that if your filter only protects the main page, you need to follow Daniel's advice and have each page check the session to see if the user is logged in or not. In this case the headers must be set in every page to make sure they are not cached.