How do I create logout page in JSP?

Question

I have a logout page with these codes written in it.

HttpSession session = request.getSession(false);
  if(session != null)
  session.invalidate();
  request.getRequestDispatcher("/index.jsp").forward(request,response);

However after clicking the log out button and after redirecting to index.jsp, I can still access the previously visited links using the back button of the browser. How do I make my way around with this? That after I have logged out, I will always be redirected into the index.jsp (my login page) unless I log in again? Help?

This might be [helpful](http://stackoverflow.com/questions/4194207/prevent-user-from-going-back-to-the-previous-secured-page-after-logout) — Jacob, Jan 11 '15 at 10:24

score 0 · Answer 1 · answered Jan 11 '15 at 05:19

0

    HttpSession session = request.getSession();
    if(session != null)
    {
        session.setAttribute("loginBean", null);
        session.invalidate();
    }
    response.sendRedirect("index.jsp");

answered Jan 11 '15 at 05:19

jay.jivani

1,560
1
16
33

score -1 · Answer 2 · answered Jan 11 '15 at 07:21

On click to browser button,the page would have been served from cache,you can check it by Network tab in your browser(F12 in chrome).

On server side,you should do below things.

1.you can check the session at a common point (let say it be a filter or any servlet controller(other than for login request)). if session is available you allow to proceed,and if not redirect user to login page.

2.On logout, as you are doing already session.invalidate()

3.Also i would suggest, to add below headers to HttpServletResponse object on logout.

    Cache-Control,Pragma,No Cache,Expire

    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);

How do I create logout page in JSP?

2 Answers2