Though i prevented caching jsp pages after logout when i refresh my browser still it shows me admin.jsp pages

Question

i have one login.jsp web page where i have two textboxes for username and password when user cliks on submit button my web page **

is forwarded to jsp servlet checkpass.jsp where

1. code checks for authenticity of user that is checks for correctness of username and password ,
2. if user is valid then session is get created,i have set some seeion attributes like name, id,etc and
3. depending on type of user that is whether he is admin or just user i am again forwarding my checkpass.jsp page to perticular page. This all coding is done in check pass.jsp

** i prevented caching of most of pages . but pages like login.jsp , logout.jsp ,index.jsp . session gets created only if user is valid i didn't write code to check session that is code like

<%
try{
   String username = session.getValue("UserName").toString();
   String s_Password = session.getValue("password").toString();
   String id = session.getValue("ID").toString();
   // String s_Email = session.getValue("email").toString();
   if ((username==null) ||  (s_Password==null) || (id==null))
       {
    %>
      <jsp:forward page="index.jsp?error=You have Logged Out !!!" />
    <% 
    }}
   catch(Exception e)
   {
       e.printStackTrace();           
               %><jsp:forward page="index.jsp?error=" />
               <% 
    }
%>

such code is not there . so what happens, though i prevented caching of other including checkpass.jsp, when i logout session is terminated through session.invalidate() method. so when i use back button of my browser it doesnt dispaly the pages all pages gets redirected to index.jsp as i coded above. but as such code is not there is checkpass.jsp browser displays me some message saying that try to reload page because this page requires some data i.e i guess user name and password and when i press refresh button of my browser it displays me my admin.jsp pages i want that when anyone logouts none of web pages should be displayed though i press back or refresh button button of my browser. this is my web application . for this i am using net beans and MySQL and Apache tomcat. please help me to get out of problem. i will be pleased to provide any more info. if needed

Answer 1

You're not redirecting. You're forwarding. You need to send a redirect instead of a forward.

response.sendRedirect("index.jsp");

This way the server will instruct the client to send a brand new GET request on the given resource, instead of using the given resource as response for the current POST request as will happen with a forward. So refreshing won't re-submit the previous POST request.

See also:

• In the context of Java Servlet what is the difference between URL Rewriting and Forwarding?

---

Unrelated to the concrete problem, I have no idea what the restrictions/requirements are been put by your tutor/course, but writing Java code in JSP files instead of Java classes (e.g. a servlet class or a filter class) and using deprecated methods is not the best practice. Just saying for the case your points depend on that as well.