• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

session management for logout

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi friends,
i m developing a web application where i have provided the facility for user login. I can allow user to login successfully. when user logs out, he is directed to the login page. but when he presses BACK button of the browser, he is again redirected to the previous page. i m using jsp for session management. can anybody solve my problem by giving a simple example, please.....
 
Ranch Hand
Posts: 54
Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps
 
Ranch Hand
Posts: 281
Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you sure that after you log out, you just want to direct it back to Login page and handle that client side ?

Usually you would go for destroying the session, time it out... save any data if required so why dont you go for a session listener and use the 'destroy' method to do so and use the action to come back to the login page again ....

and I assume that you dont want the user to move back and do any more editing in your web application...so again, are you are validating the authority of the user everytime you traverse through your pages?... if yes.. just go to the exception page (or login page) if the user is trying to go back after logout using a listener or an action.
 
Ranch Hand
Posts: 672
4
Eclipse IDE Spring Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This problem, has got nothing to do with sessions, its the problem with browser caching the page, when user clicks back, browser is showing you a cached page. So declare no-cache as true in JSP. I assume that, you are doing session.invalidate() after, once user clicks logout. If not, first destroy/invalidate the session..
 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Deepakkumar Devarajan wrote:Use window.history.forward(1); in your script, whenever you click button, you will be redirected to the current page. Hope this helps


Hi there ,
I had the same problem , so I have used your code in logout.jsp page like this .

Is this the right way to do this ?
When I click on button , the page goes to index.jsp and when I click the back button, it does not go back to logout.jsp page. That is what I want. However , I want to make sure that this is done the RIGHT WAY.
 
Sheriff
Posts: 67590
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.
 
Raman Ghai
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Not even close. Preventing caching is the answer.

The JavaScript trick is a hack that isn't going to add any security whatsoever.


What if I am doing on logout ?
 
Bear Bibeault
Sheriff
Posts: 67590
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That will do nothing either to the cached pages. If you don't want the pages to be cached, hacks aren't going to do anything for you. Read the ServletsFaq and JspFaq for information on cached control.
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic