vikas gunti wrote:I wrote the same code in a servlet
Make sure your application uses proper components for proper reasons. Your HTML (or JSP) form should do nothing but sending a post (or get) request to your application. Your servlet should be the once taking your request, and doing the necessary validation/redirection/dispatch stuff. If you have some business to do, like accessing a database or processing something with the request, make another set of classes as appropriate, and have your servlet call those classes as you need. Finally, if you need to send something to the user's screen, use a JSP, which is what your Hello.jsp is for, I guess. In that JSP, it should contain nothing but only what it takes to show the content. No scriptlets (the <% %> tags) ever!
You have set the cache controls correctly, but it looks like you are setting them on the logout action, which doesn't make sense. Instead, set them on pages that you don't need to cache - the authenticated pages.