I am doing a high security jsp/servlet application. After the user has logged out using the log-out button, using the browser back button, he is still able to login back and visit the page.
1) Can we disable cache/history of the page 2) Or can we override the functionality of a back button through jsp/javascript?
Thanks in advance
you should add all the main value you are using in your project into session and then when you click on logout button call some jsp to do your work like logout.jsp and then destory your session like this. and also redirect to your index page i think this idea will help you.
<%
HttpSession newsession = request.getSession(false);
if (newsession != null)
{
newsession.invalidate();
}
response.sendRedirect("../index.jsp");
%>
