I'm working on a web app that involves a Login procedure. When the user fills out a form consisting of username and password, the form data goes to a servlet that sets an attribute in the Session object. So far, so good.
For the logout mechanism, I've created another servlet that simply grabs the Session object and removes the attribute. When the user clicks on the logout menu item, a jquery function calls LogoutServlet, which does its thing, then the user is redirected back to the home page. All this works except...
now on the home page, if I click on the back button on the browser, I'm returned to the previous page. That shouldn't happen. At the top of my JSP page I run a test like so:
//Prevent people from having direct access to this page.
if(currentUser == null)
Since I removed the attribute "currentSessionUser" from the Session object when I logged out, the variable currentUser should now be null. For some reason, it isn't since I'm able to click the back button on the browser and return to the JSP page without any problem. The logout mechanism isn't working as I had hoped.