Hi All,

I have earlier posted the topic regarding the session handling. But, right now I am facing the major issue with the back button handling or we can say Caching. I am using the below mentioned code:

response.setHeader("Cache-Control","no-store"); //HTTP 1.1
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma\"","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
JSPsession.invalidate();

And then I am forwarding to next JSP. But on pressing the back button I am still getting the older page. PLease guide me how to handle this situation.

Basically I have to logout from the session and do not want to enter the previous page.

Thanks and Regards,
Abhinav Singhal

And then I am forwarding to next JSP. But on pressing the back button I am still getting the older page. PLease guide me how to handle this situation.

Cache-Control headers alone will not help you here. If the user is in session(logged-in) and if he uses back-browser button he can view the pages.

Basically I have to logout from the session and do not want to enter the previous page.

You got use session methods here. session.invalidate() will invalidate the current session of the client. If the user directly enter the URL to retricted resource in your application then your application logic should handle it. Like get the user name/password and store it in session as an attribute and verfify it in every restricted page.

Example:

Servlet code:
String name = request.getParameter("name"); session.setAttribute("username",name); [B]JSP Code:[/B] <% String UserName = (String) session.getAttribute("username"); if (UserName == null) { request.setAttribute("Error", "Your login session has expired"); RequestDispatcher rd = request.getRequestDispatcher("ErrorPage.jsp"); rd.forward(request, response); } %> [B]ErrorPage.jsp[/B] <%= request.getAttribute("Error") %>