Member Avatar for sureshksk

In my web application After logout , if i click back button, browser is showing the visited jsp pages.How to prevent(or remove history) browser from doing this ,after Logout.

I tried following.But no use

<%
response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Expires","0");
response.setDateHeader("Expires",-1);
%>

please help on this.

Regards,
suresh

Edited by kvprajapati because: Added [code] tags. Do wrap your programming code blocks within [code] ... [/code] tags
  • 2 Contributors
  • 6 Replies
  • 861 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by sureshksk
Member Avatar for Shanti C

If you are using server side sessions for your login,
you would have to unset that session for logout,
you just check for session exists in every page,if not redirect to index/error page.

or try this :

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
Member Avatar for sureshksk

Shanti,
First thanks for the reply.
I tried the code.But still i navigated pages are coming

In My code ,I am invalidating session in servlet and forwarding to logout.jsp as,

HttpSession hs=request.getSession(false);
       
        if(hs!=null)
        {      
              hs.invalidate();
              RequestDispatcher view=request.getRequestDispatcher("Logout.jsp");
              view.forward(request, response);
         }

My Logout.jsp is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/strict.dtd">
<%@page contentType="text/html" pageEncoding="UTF-8" errorPage="Error.jsp"%>
<html>
 <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Expires" CONTENT="-1" ></meta>

<meta http-equiv="cache-control" content="no-cache"></meta>

<meta http-equiv="Pragma" CONTENT="no-cache"></meta>

      
            
<title>logout</title>
    </head>
    <body>
        <%
response.setHeader("Pragma","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Expires","0");
response.setDateHeader("Expires",-1);
%>
<%
 
        System.out.println("session after "+session.isNew());
        response.sendRedirect("index.jsp"); %>
    </body>
</html>
Edited by peter_budo because: Keep It Clear - Do wrap your programming code blocks within [code] ... [/code] tags
Member Avatar for Shanti C

put this code in all your pages to check session exist or not:

if (session.isNew())
{ 
	// Session is not valid
	response.sendRedirect("index.jsp");
}
else
{
// your coding starts here
}

or try this:

String session_var="";
try  {
	 session_var=session.getAttribute("yoursessionname").toString();
	}
	catch(Exception e)
	{
// call logout page forcefully.		
response.sendRedirect("Logout.jsp");
	}
Member Avatar for sureshksk

I am checking for session in every page.
browser is showing only screens of pages ad When click on links or buttons it is forwarding to error page.

. My problem is, one way to remove history of pages after logout

Member Avatar for Shanti C

i am not sure, but try this :

<SCRIPT LANGUAGE=javascript> 
{
  var Backlen=history.length;   history.go(-Backlen); 
  window.location.href=page url
}
</SCRIPT>
Member Avatar for sureshksk

that javascript code not worked.But I am able to solve by

using response.setHeader s and setting errorPage="login.jsp".I am able to preevent caching browser for normal jsp pages.

But in some pages,I am including a sub page.
like in jsp1.
<jsp:include page="jsp1_sub.jsp>

this type of pages are still cached by browser. Is there any way to prevent these type of pages.
and these are vital pages in my application.So I can not edit or avoid these pages.

regards,
suresh

Edited by sureshksk because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.