shijunair -2 Junior Poster in Training

hi everyone,
I am facing a problem which i know that you'll will surely find a remedy.
I have a login.html ,login1.jsp which does the database connection and welcome.jsp the main page.
so the problem is when i put the username and password it directs me to the welcome.jsp,
In that there is a logout button ,when i press the logout button it directs me to the login.html.
but the session handling is not done properly for unique user because when i log out and go to login.html ,the standard button back in the window is taking me back to the welcome .jsp though i have logged out and invalidated the session .i am forwarding the code : pls have a look and help me out with suggestions.
thanks in advance.
This is the welcome page

<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires",0);
response.setHeader("Pragma","no-cache");
%>

<html>
<%

String username=(String)session.getAttribute("user");

if(null==username)
{

response.sendRedirect("login.html");
return;

}

%>

<form method ="post" action="logout.jsp">

<input type="submit" value="Logout"></input>
</form>


</html>

this is the logout page.

<%@ page language="java"%>
<html>
<head>
<titile>Session Disabled</title>
</head>
<body>
<%
session.removeAttribute("user");
session.invalidate();
response.sendRedirect("login.html");
%>
</body>
</html>

the login1.jsp code is

<%@ page import="java.sql.*"%>
<%@ page language="java"%>

<%!
String user,pwd;
%>

<%
try
{
user=request.getParameter("username");
pwd=request.getParameter("password");

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:student_base");
PreparedStatement ps=con.prepareStatement("select password from student_base where username='"+user+"'");
ResultSet rs=ps.executeQuery();

if(rs.next())
{
if(rs.getString("password").equals(pwd))
{
session.setAttribute("user",user);
response.sendRedirect("welcome.jsp");
}
else
{
out.println("error invalid username or password");
}
}
else
{
out.println("error invalid username or password");
}
con.close();
}
catch(Exception e)
{
out.println(e);
}
%>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.