In every page of mine, there is a logout option. When the user clicks this logout option, they get log out session.invalidate(); .When I press the back button, even if the session is invalidated, I get the previous page with all the contents in the input tag.How can I resolve this problem.I tried window.location.reload(),and many other options, but it's not working in here.\
My website is this. and credentials are. test123@gmail.com and pass is Amal123
Asked
Active
Viewed 1,831 times
0
Amal lal T L
- 400
- 5
- 20
-
try `window.location.href = '/'` you should be referenced to reload the page in the base path of the domain – mtizziani Jul 21 '17 at 09:47
-
page is reloading infinitely. – Amal lal T L Jul 21 '17 at 10:02
-
1Possible duplicate of [Prevent user from seeing previously visited secured page after logout](https://stackoverflow.com/questions/4194207/prevent-user-from-seeing-previously-visited-secured-page-after-logout) – Fotis Grigorakis Jul 21 '17 at 10:12
-
How can I do this same purpose in PHPalso? – Amal lal T L Dec 15 '17 at 07:40
3 Answers
1
you can copy and paste this code in every page of your site which clears the cached page.
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", 0);
if(session.getAttribute("some_token")==null)
response.sendRedirect("login/login.html");
%>
In logout you must be invalidating session so when you click back it would check the some_token attribute value in session and if not there it will redirect you to login page . But remember after login you are setting some_token attribute in session.
Fotis Grigorakis
- 363
- 1
- 3
- 16
-
-
I set everything previously except no-store and it wasn't working. The no-store helped. Thanks – Tahir Hussain Mir Jun 08 '22 at 06:51
0
Before all pages you want to open only when session is active you have to put a filter that checks for session before your pages get open.
And on loguot you have to invalidate the current session.
And then your will be able to press back button but can not perform any funtionality
Saurabh Kumar
- 59
- 1
-
I don't want to see that page again after logout. I am checking whether the session is null or not, if it is null, it will be redirected to login page. – Amal lal T L Jul 21 '17 at 10:04
0
You can use a session attribute... for example when you log in, set a variable value to username e.g: HTML
<form name="login" action="/login.jsp" method="post" >
<input type="text" name="username" >
<input type="password" name="password" >
<input type="submit" >
JSP:
String userName=request.getParameter("username");
request.getSession().setAttribute("username",userName);
Now On every page,add this code
<% if(request.getSession().getAttribute("username")==null)
response.sendRedirect("index.jsp");%>
Also, at the time of logout do not forget to remove the session attribute.
request.getSession().removeAttribute("username");
Try it and let me know.
Mohd Naved
- 448
- 6
- 20
-
at logout, the session is already invalidated,why should i remove the attribute again? Also in every page iam checking whether session is null , it null it will be redirected to login page. for every time checking, the page needs to be reloaded. – Amal lal T L Jul 21 '17 at 10:07
-
Same problem in this question, check the answers... https://stackoverflow.com/questions/24677949/why-session-is-not-null-after-session-invalidate-in-java – Mohd Naved Jul 21 '17 at 10:23
-
For this i have to reload the page again. Please check the question. – Amal lal T L Jul 21 '17 at 10:27