
It's not a duplicate of this: Prevent user from seeing previously visited secured page after logout. I have studied it to find something useful, but it is irrelevant to my issue. If I disable JavaScript in the browser, the solutions in that duplicate ticket will not work at all for me. Please suggest how I can make a proper logout session. I have tried so many logout codes, but nothing is working on the logout session. When I click on back, it goes to the normal session. My example code is:

"logout link in menu:"

```html
<a href="LogOut.do"><i class="fa fa-sign-out"></i><b>&nbsp;Logout</b></a>
```

"logout Servlet Code":

```java
import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogOutServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // no-cache: forces caches to obtain a new copy of the page from the origin server
        // no-store: directs caches not to store the page under any circumstance
        // Sent as one header, because a second setHeader() call replaces the first value
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setDateHeader("Expires", 0); // Causes the proxy cache to see the page as "stale"
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0 backward compatibility
        HttpSession session = request.getSession();
        String userName = (String) session.getAttribute("customerDetails");
        // As posted: forwards to logout.jsp only when the attribute is absent
        if (null == userName) {
            request.setAttribute("Error", "Session has ended.  Please login.");
            RequestDispatcher rd = request.getRequestDispatcher("logout.jsp");
            rd.forward(request, response);
        }
    }

}
```

"logout.jsp"

```jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
<title>Logout</title>
</head>
<body>

<% session.invalidate(); %>
<p>You have been successfully logout</p>
</body>
</html>
```

I have tried it with many different codes, but still, when I click on the back button of the browser, it displays the home page as normal. Please help me find the best code for logout.

DSK
  • Last solution would be to use Ajax to call the server to validate the session; even with cache, the JavaScript will be executed again, leading to a message or a redirection. PS: Your tags are off. This is a cache problem, so HTML and JSP would be enough I think – AxelH Dec 29 '16 at 07:27
  • Hi @AxelH, thanks for your comments. I tried using the meta tag but it is not working out. – DSK Dec 29 '16 at 07:46
  • I have placed my full code along with the query. Please tell me where the code needs to be fixed. Thanks @AxelH – DSK Dec 29 '16 at 07:49
  • What is written is weird or unclear: in your servlet code, you only redirect to `logout.jsp` if `userName` is null. Could you explain why you do not invalidate the session in the servlet and in any case? Then you say *when I hit the back button...* The back button can show a cached page even when the session has correctly been closed. But if you ask for a new page, the server should not send it back. – Serge Ballesta Dec 29 '16 at 08:24
  • I have **invalidated the session** also, but it is no use for this problem. Could you help me, @SergeBallesta: what should I change in the **logout servlet**? – DSK Dec 29 '16 at 11:21
  • Not a good solution, but you can disable the back button on that JSP which comes after logout. – Rahul Agrawal Dec 30 '16 at 06:29
  • @RahulAgrawal where should I disable the back button: on the logout page or on all pages? If I disable the back button on all pages, the web application will be a little difficult to use. – DSK Dec 30 '16 at 06:48
  • When you click the logout button, it will take you to a JSP (say home). You have to disable the back button on this JSP (home). Or you can also use JavaScript to override the back button, so that you don't actually disable the back button, but when the back button is clicked on this JSP (home) you are redirected to the same page again (i.e. home). – Rahul Agrawal Dec 30 '16 at 07:21
  • Above trick does not work if one disables JavaScript in the browser. – Rahul Agrawal Dec 30 '16 at 07:29
  • Yes @RahulAgrawal, it is not a duplicate question. I tried to find out the best solution for it. – DSK Dec 31 '16 at 04:13
