Hi,
I felt trouble to solve the problem last few days.When I loguot as an user from an account the "Backward option is activated" by which with out giving password another user can enter the last Logout page which I don't desired.

I follow Session object in jsp tags for a new user and when the user is logged out I destroy this session object.But till I face the problem.
So any can help me

Return a javascript onload that erases the history, or something to that effect. Another thing that you can do, is to set all pages as no-cache and a very short expires. This would force the page to be reloaded (or at least ask the user if they wish to repost whatever), but since their session id is invalidated (it is isn't it) it won't be able to reload.

Hi,
I felt trouble to solve the problem last few days.When I loguot as an user from an account the "Backward option is activated" by which with out giving password another user can enter the last Logout page which I don't desired.

I follow Session object in jsp tags for a new user and when the user is logged out I destroy this session object.But till I face the problem.
So any can help me

Because the browser history (on the client) has nothing to do with the session on the server. For each and every page you return set the "no-cache" pragma and set an expires meta-data of -1. At least then the browser does not cache the pages at all and hitting back would require the page to be newly loaded from the server which would fail.

As noted above, you can only directly erase the clients history on the client, ie through javascript or the like. Nothing to do with Java or JSP.

This article has been dead for over six months. Start a new discussion instead.