2

In the application I am working on, when the user logs out and presses the browser back button, it takes the user to the previous page (logged in as the previous user).

I tried the following code to clear the cache when the user logs out, in the index (login) page:

    <%
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Expires", "0");
    response.setDateHeader("Expires", -1);
    %>

The above code works fine in IE and Firefox but not in Google Chrome.

Can anyone help me solve this issue with Google Chrome?

Thanks in advance.

seeker
Jey Ravi

2 Answers

1

You need to change the following:

    response.setHeader("Cache-Control", "no-store");

to:

    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");

Read this post for further description.

Community
Kazekage Gaara
1

There are 2 mistakes here:

  1. The Cache-Control header is incomplete. The complete set of proper headers is:

    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
    response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
    response.setDateHeader("Expires", 0); // Proxies.
    

    Make sure that you've cleared your browser cache before testing.

  2. Those headers have to be set on the response of the restricted pages, not only on the login page. The easiest way is to create a servlet filter which is mapped on the very same URL pattern as the restricted pages and set those headers in the doFilter() method.

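    import java.io.IOException;
    import javax.servlet.*; // jakarta.servlet.* on Jakarta EE 9+
    import javax.servlet.http.HttpServletResponse;

    public class NoCacheFilter implements Filter {

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            // Set the headers before the chain runs, so they are in place before the response is committed.
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
            response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
            response.setDateHeader("Expires", 0); // Proxies.
            chain.doFilter(req, res);
        }

        // ...
    }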
    

    If you're already using a custom filter on the URL pattern of the restricted pages which needs to check the presence of the logged-in user and handle the redirect to the login page, then you can also do the job in the very same filter instead.

BalusC