I am working on online application where I have to implement the logout funtionality.
I have written code for logout, in which it removes the session availables.
Once I do logout I go the logout jsp which is fine. But, when I do browser back it shows me the previous screen which I am not
interested.Instead of that I should see again logout page. I have written some code to cache and refresh the page but it does not work.
If the logout is done using form submit on the front end, then it should take care of back button click. (Clicking on back button of browser will ask user to resend the information.)
The other thing that you can do is, on all the application pages, you can check for session variables and if they are invalid redirect user to login page.
Ideally when user will click back button, he/she should be taken to login page instead of logout.
The forward method of RequestDispatcher will forward the ServletRequest and ServletResponse that it is passed to the path that was specified in getRequestDispatcher(String path). The response will not be sent back to the client and so the client will not know about this change of resource on the server. This method is useful for communicating between server resources, (servlet to servlet). Because the request and response are forwarded to another resource all request parameters are maintained and available for use. Since the client does not know about this forward on the server, no history of it will be stored on the client, so using the back and forward buttons will not work.
Yes, Naveen I did the same thing, but again the same thing. It did not work. It's like browser keeps the page in session and that is shown to us.
Please let me know your opinion.
Rahul Ba wrote:
Yes, Naveen I did the same thing, but again the same thing. It did not work. It's like browser keeps the page in session and that is shown to us.
Please let me know your opinion.
Rahul
Can you post your code in here . And BTW you may want to invalidate the session . That Should help and add a check for invalidated session and see what you want to do about it (Just a work around if you approaching deadlines).
Invalidating the session is the best practice while logout and that is the way it should be.
The response header part mention previously should be actualy be done for all the JSPs since the the content sits in the browser cache.
Anyways its still an open issue, you can see all bank sites even to have "Please close the window" for security reasons.
for now, if the the page alone is your concern you can redirect the user to the same page.
I believe that all the above solutions put together, you should not be facing the problem you were facing earlier.
If you still have the same problem, then probably the only explanation is that you need to clear your browser's contents.
Try removing the cookies, offline content, etc. or maybe try using another browser.
P.S. Please use code tags to abide by these practices.
Thank you,
Ashutosh.
Post by:autobot
What are you doing? You are supposed to be reading this tiny ad!
a bit of art, as a gift, the permaculture playing cards