2 things:
1. Please store your attribute in a session, not the request:
NOT this
request.setAttribute("uname",name);
2. Disable the browser's cache otherwise the user can preview the previous cached page. The homepage should have a check for whether the username stored in the session is null. As an aside, preview authentication standards from other sources, google it