In my web application After logout , if i click back button, browser is showing the visited jsp pages.How to prevent(or remove history) browser from doing this ,after Logout.

I tried following.But no use

<%
response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Expires","0");
response.setDateHeader("Expires",-1);
%>

please help on this.

Regards,
suresh

If you are using server side sessions for your login,
you would have to unset that session for logout,
you just check for session exists in every page,if not redirect to index/error page.

or try this :

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">

Shanti,
First thanks for the reply.
I tried the code.But still i navigated pages are coming

In My code ,I am invalidating session in servlet and forwarding to logout.jsp as,

HttpSession hs=request.getSession(false);
       
        if(hs!=null)
        {      
              hs.invalidate();
              RequestDispatcher view=request.getRequestDispatcher("Logout.jsp");
              view.forward(request, response);
         }

My Logout.jsp is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/strict.dtd">
<%@page contentType="text/html" pageEncoding="UTF-8" errorPage="Error.jsp"%>
<html>
 <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Expires" CONTENT="-1" ></meta>

<meta http-equiv="cache-control" content="no-cache"></meta>

<meta http-equiv="Pragma" CONTENT="no-cache"></meta>

      
            
<title>logout</title>
    </head>
    <body>
        <%
response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Expires","0");
response.setDateHeader("Expires",-1);
%>
<%
 
        System.out.println("session after "+session.isNew());
        response.sendRedirect("index.jsp"); %>
    </body>
</html>

put this code in all your pages to check session exist or not:

if (session.isNew())
{ 
	// Session is not valid
	response.sendRedirect("index.jsp");
}
else
{
// your coding starts here
}

or try this:

String session_var="";
try  {
	 session_var=session.getAttribute("yoursessionname").toString();
	}
	catch(Exception e)
	{
// call logout page forcefully.		
response.sendRedirect("Logout.jsp");
	}

I am checking for session in every page.
browser is showing only screens of pages ad When click on links or buttons it is forwarding to error page.

. My problem is, one way to remove history of pages after logout

i am not sure, but try this :

<SCRIPT LANGUAGE=javascript> 
{
  var Backlen=history.length;   history.go(-Backlen); 
  window.location.href=page url
}
</SCRIPT>

that javascript code not worked.But I am able to solve by

using response.setHeader s and setting errorPage="login.jsp".I am able to preevent caching browser for normal jsp pages.

But in some pages,I am including a sub page.
like in jsp1.
<jsp:include page="jsp1_sub.jsp>

this type of pages are still cached by browser. Is there any way to prevent these type of pages.
and these are vital pages in my application.So I can not edit or avoid these pages.

regards,
suresh

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.