0

hey all
so there's another problem.. Actually I have a login page in my application. When user login with the appropriate credentials, different screens open up for different purpose. Each screen has a link called SignOut on the top of the page. Whan user logs out, he jumps to the login screen but when he clicks on "Back" button, he is able to see previous pages. I want back button disabled or any other solution so that after logging out user will not be able to see those pages. Please guide me accordingly.

Edited by Neha290791

2
Contributors
1
Reply
19
Views
4 Years
Discussion Span
Last Post by LastMitch
0

so there's another problem.. Actually I have a login page in my application. When user login with the appropriate credentials, different screens open up for different purpose. Each screen has a link called SignOut on the top of the page. Whan user logs out, he jumps to the login screen but when he clicks on "Back" button, he is able to see previous pages. I want back button disabled or any other solution so that after logging out user will not be able to see those pages. Please guide me accordingly.

Since I don't know how your login code looks like.

Look at this example:

@WebFilter("/app/*")
public class LoginFilter implements Filter {

@Override
public void init(FilterConfig config) throws ServletException {
}

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);

if (session == null || session.getAttribute("idUsuario") == null) {
response.sendRedirect(request.getContextPath() + "../index.xhtml"); 
} else {
 chain.doFilter(req, res); 
}
}

@Override
public void destroy() {
}

}

Read more about this here:

http://docs.oracle.com/javaee/6/api/javax/servlet/Filter.html

The issue you are having is also related to a cached.

OK, for example in PHP to prevent that I have to add this code on top of my page:

header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.

Since we are in JSP, you add this code on top of your page:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.

Edited by LastMitch: grammer

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.