After I logged out , the controller goes to home page in that I removed the user in the session and finally invalidate the session.
When after I go back to previous page and hit any operation, it's still working. I don't know why the session is still keeping.
Here is the code I followed..
Logout servlet:In the home page, I'm setting no cache, etc..What's wrong with my code and why its still keeping the session?
When you select browser back then there will be a GET request invoked to the orgin server with the URL used previusuly.
If you have a workflow in place then you get everything right or the previous page will not be displayed.
When invalidate() method is invoked the session object you are working on gets destroyed immediately. But when you click the back button and refresh the page or fire any operation from there a new session object gets created and start maintaining your session from that time onwards. I hope this information is useful for you.