Servlets/JSP: Back button issue. Hitting back button after logging out says "Confirm Form Resubmission" but refreshing that page logs me back in

Question

Login.jsp

<form action="LoginServlet" method="post">
    <label>Email:</label>
    <input type="text" name="email"/>
    <label>Password:</label>
    <input type="password" name="pass"/>
    <input type="submit" value="Login"/>        
</form>

LoginServlet.java

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    System.out.println("Boom");

    String email = request.getParameter("email");
    String pass = request.getParameter("pass");

    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher("/view/Success.jsp");

    AuthenticationService authService = new AuthenticationServiceImplementation();

    boolean isAuthenticated = authService.authenticate(email, pass);

    if(isAuthenticated) {
        HttpSession session = request.getSession();
        session.setAttribute("user", email);
        request.setAttribute("user", email);
        dispatcher.forward(request, response);
    }
}

Success.jsp

<a href="/Sample_app1/LogoutServlet">Logout</a>

<% String user = (String)request.getAttribute("user"); %>
<% if(user != null && session.getAttribute("user").equals("abc@abc.com")) { %>
        <p><%=user %> is logged in.</p>
<% } %>

LogoutServlet.java

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    HttpSession session = request.getSession();
    session.removeAttribute("user");
    session.invalidate();
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher("/view/Login.jsp");
    dispatcher.forward(request, response);
}

What am I doing wrong here? I am not able to get this to work for the life of me. It is just simple code. How can it resend username and password after I refresh the page and click on resend just like that even though the session is invalidated? May be I am missing on some concept. Please explain!

This is the code to prevent caching:

<% response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setDateHeader("Expires", 0); %>

I have put the above in Success.jsp

When I hit the logout link from Success.jsp, I am redirected back to the Login.jsp. From here if I hit the back button, I get the page with message "Confirm Form Resubmission". On this page when I refresh, it prompts me to resend the data or cancel the refresh. When I hit resend, it logs me back in to Success.jsp. — hermit05, Jun 30 '15 at 09:27

Servlets/JSP: Back button issue. Hitting back button after logging out says "Confirm Form Resubmission" but refreshing that page logs me back in

0 Answers0