Disable browser back button in spring mvc application after logout

Question

I am doing spring mvc application in this when i logout from the application if i click browser back button its getting to the previous page of the application I have to restrict this and I tried this in my *.xml file

      <interceptors>
            <beans:bean id="webContentInterceptor"
              class="org.springframework.web.servlet.mvc.WebContentInterceptor">
              <beans:property name="cacheSeconds" value="0" />
              <beans:property name="useExpiresHeader" value="true" />
              <beans:property name="useCacheControlHeader" value="true" />
              <beans:property name="useCacheControlNoStore" value="true" />
            </beans:bean>
          </interceptors>

this is working only with in the application if I logout again if I click browser back button going to the previous page.

I tried with Javascript and Jquery examples but not working in my spring mvc application. can any one please suggest me in this regard and approach to follow.

You should filter your request before proceed to `dispatcher-servlet`. In your filter, check if `HttpSession` exists or not, if not then back to login page. e.g `request.sendRedirect("login");` — Ataur Rahman Munna, Jan 25 '17 at 10:21
@Nithin Please, check the link below if it helps you http://stackoverflow.com/questions/16819660/page-not-secured-after-log-out-and-click-back-button — Dmitry Senkovich, Jan 25 '17 at 10:21
Possible duplicate of [Page not secured after log out and click back button](http://stackoverflow.com/questions/16819660/page-not-secured-after-log-out-and-click-back-button) — Dmitry Senkovich, Jan 25 '17 at 11:33

Ataur Rahman Munna · Answer 1 · 2017-01-26T04:42:25.107

Ok, Here I give you an idea with how you can do that. Suppose you have a SessionFilter Class in package com.test.filter that implement Filter. Here you override the doFilter() method and checked that if session exist or not such like that:

public class SessionFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain) throws IOException,
                ServletException {

            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            String url = request.getRequestURI();

            response.setHeader("pragma", "no-cache");              
            response.setHeader("Cache-control", "no-cache, no-store, must-revalidate");             
            response.setHeader("Expires", "0"); 
            HttpSession session = request.getSession(false);

            //!url.contains("login.html") check if the requested page is login page or not. you can do it a numerous way.
            // but for simpplicity here i do that
            if(session==null && !url.contains("login.html")) {
                response.sendRedirect(request.getContextPath() + "/login.html"); // here goto http://yourdoamin/login.html
                response.setHeader("message", "Session Timeout."); // you can set your preffered message.
                return; //break filter chain, requested JSP/servlet will not be executed
            }

            chain.doFilter(req, res);
        }
}

Now add the class reference in to web.xml

<filter>
    <description>session filter</description>
    <filter-name>SessionFilter</filter-name>
    <filter-class>com.test.filter.SessionFilter</filter-class>
</filter>

Thank u for ur support, Hope with this I can solve my issue. — Nithin, Jan 25 '17 at 11:09
If that helps, then you can accept my answer and upvoted as it's SO's norm. :) — Ataur Rahman Munna, Jan 25 '17 at 11:20

Disable browser back button in spring mvc application after logout

1 Answers1