0

When user logout's of the application and click on the back button in chrome brower then user will be viewing the "Confirm Form Resubmission" instead of the login page of the application. The same behaviour is not visible in the internet explorer.
After succesful logout i.e, clearing the session of application and in Jsp we are adding the below line

enter image description here

<%response.setContentType("text/html; charset=iso-8859-1");
  response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires","0");
%>

if the user click the refresh in Confirm Form Resubmission page then he will navigate to the home page.

i have tried to implement a session variable username and check the variable in the jsp. since we are clearing the cache there is no jsp page to load. enter image description here

Any solution to the issue will be appreciated.

ramesh027
  • 796
  • 1
  • 10
  • 27

1 Answers1

1

That's a typical problem on every form submit with method "post". My suggestion is to use a redirect after the logout was successful, see examples here or here (Post-Redirect-Get-pattern). Try to protect the behaviour of the software and inform the user, you can't block the user from using this button.

Controlling the Cache etc. is a good option if you want to force the browser to refresh every page when the user uses the navigate buttons of the browser. But you have to keep in mind, that the "previous" page, that a user wants to access with back/forward buttons, will have to have these cache options. You could try to implement a more general caching option for all sites via Tomcat.

beendr
  • 654
  • 7
  • 21