• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session management for logout

 
Vishal Bhavsar
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi friends,
i m developing a web application where i have provided the facility for user login. I can allow user to login successfully. when user logs out, he is directed to the login page. but when he presses BACK button of the browser, he is again redirected to the previous page. i m using jsp for session management. can anybody solve my problem by giving a simple example, please.....
 
Deepakkumar Devarajan
Ranch Hand
Posts: 54
Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps
 
Robin John
Ranch Hand
Posts: 281
Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you sure that after you log out, you just want to direct it back to Login page and handle that client side ?

Usually you would go for destroying the session, time it out... save any data if required so why dont you go for a session listener and use the 'destroy' method to do so and use the action to come back to the login page again ....

and I assume that you dont want the user to move back and do any more editing in your web application...so again, are you are validating the authority of the user everytime you traverse through your pages?... if yes.. just go to the exception page (or login page) if the user is trying to go back after logout using a listener or an action.
 
Prasad Krishnegowda
Ranch Hand
Posts: 670
4
Eclipse IDE Java Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This problem, has got nothing to do with sessions, its the problem with browser caching the page, when user clicks back, browser is showing you a cached page. So declare no-cache as true in JSP. I assume that, you are doing session.invalidate() after, once user clicks logout. If not, first destroy/invalidate the session..
 
Raman Ghai
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Deepakkumar Devarajan wrote:Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps

Hi there ,
I had the same problem , so I have used your code in logout.jsp page like this .

Is this the right way to do this ?
When I click on button , the page goes to index.jsp and when I click the back button, it does not go back to logout.jsp page. That is what I want. However , I want to make sure that this is done the RIGHT WAY.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65129
92
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.
 
Raman Ghai
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.

What if I am doing on logout ?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65129
92
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That will do nothing either to the cached pages. If you don't want the pages to be cached, hacks aren't going to do anything for you. Read the ServletsFaq and JspFaq for information on cached control.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic