I'm trying to write a servlet filter for a JSP project. What I want to do is to prevent a user from going back to the previous page once he logs out. I followed this tutorial:
Prevent user from seeing previously visited secured page after logout
So I have this Java file as my Filter class (file name is LogoutFilter.java):

    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;

    public class LogoutFilter implements Filter {
        FilterConfig config;

        @Override
        public void destroy() {
            // TODO Auto-generated method stub
        }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain) throws IOException, ServletException {
            // TODO Auto-generated method stub
            HttpServletResponse hsr = (HttpServletResponse) res;
            hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
            hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
            hsr.setDateHeader("Expires", 0); // Proxies
            chain.doFilter(req, res);
        }

        @Override
        public void init(FilterConfig config) throws ServletException {
            // TODO Auto-generated method stub
            this.config = config;
        }
    }

I've also added the filter entry to my web.xml page. The filter is working, as I've checked it, but the back button still goes back to the previous page after logout.
Here is my logout page, where "admin_name" is a variable which I've added as a session attribute during login.

    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
        pageEncoding="ISO-8859-1"%>
    <%@ page session="false" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Insert title here</title>
    </head>
    <body>
    <%
        HttpSession session = request.getSession(false);
        String admin_name = (String)session.getAttribute("admin_name");
        session.invalidate();
        admin_name="";
        response.sendRedirect("admin_login.jsp");
    %>
    </body>
    </html>

I can't understand what I am doing wrong.
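
An added example, not part of the original post: a filter that sets the same no-cache headers and also checks the session on the server, so a request for a protected page after logout is redirected to the login page rather than served. The class name `AuthNoCacheFilter` is hypothetical; `admin_name` and `admin_login.jsp` come from the post, and the filter is assumed to be mapped in web.xml to every protected page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class name). Assumption: web.xml maps this
// filter to every protected page, otherwise those responses never get
// the headers or the session check.
public class AuthNoCacheFilter implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No configuration needed for this example.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Same headers as in the post. They only affect responses that
        // pass through this filter; copies cached earlier are unaffected.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0
        response.setDateHeader("Expires", 0); // Proxies

        // Let the login page itself through, so the redirect below cannot loop.
        String loginPath = request.getContextPath() + "/admin_login.jsp";
        if (request.getRequestURI().equals(loginPath)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) returns null once the session has been invalidated.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("admin_name") != null;
        if (!loggedIn) {
            response.sendRedirect(loginPath);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

With the headers in place the browser has to re-request the page on Back, and the session check decides what that request receives.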