How to prevent the user to access the history after logout the application

Question

I am working on a SpringMVC application I need to make a logout page. I make the page but when I click the back button on the browser I can see the user data.

How can I prevent the user to access the history after logout the application. Please tell me a solution without using Spring-security.

I am using the following handler method for logout the application.

@RequestMapping("/logout")
public String logout(HttpServletRequest request)
{
    request.getSession().invalidate();
    return "index";
}

Thank you

@khAn how can we do that in Springmvc ... i am newbie to springmvc — dhS, Aug 31 '16 at 10:29
@dhS i cant give full working example but my answer might help you, please search on google for any tutorials. it would be a good practice. — KhAn SaAb, Aug 31 '16 at 10:34
See some examples here https://www.google.co.in/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=handlerinterceptoradapter%20spring%203%20example — KhAn SaAb, Aug 31 '16 at 10:35
@khAn this would help me for sure ... but for now the other answer worked .. thanks — dhS, Aug 31 '16 at 10:41

score 3 · Accepted Answer · answered Aug 31 '16 at 10:30

You can add below line at top of your jsp page to not to store history or cache

<%
    response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");//HTTP 1.1
    response.setHeader("Pragma","no-cache"); //HTTP 1.0
    response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>

score 2 · Answer 2 · edited May 23 '17 at 10:29

2

Stop user to go back to previous page history

You can use javascript

window.history.forward();<br>
function noBack(){<br>
window.history.forward();
}

But this is not the best approach because of various numerous reasons.

There are many other solutions
1. Invalidate the session
2. Clear the cache

See this and also this already asked question

edited May 23 '17 at 10:29

Community

1
1

answered Aug 31 '16 at 10:41

sajid

53
1
9

1

I don't have to use javascript in this application. but this is a good solution for other applications thanks a lot – dhS Aug 31 '16 at 10:43

score 1 · Answer 3 · answered Aug 31 '16 at 10:32

if you are using Spring frame works then use interceptor to avoid such behavior of your application.

public class LoginInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {

}

    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
    }
}

`

How to prevent the user to access the history after logout the application

3 Answers3