Back Button in jsp redirect to Login page without Logout

Question

I am working on Jsp-servlet. I have 3 jsp pages.one for login,after successful login it will show employee his records and then logout.So my problem was after logout when i press back button it will display records of employee so i disable the back button and cleared the cache.and redirect it to the login page

But now the problem is,When the user after his successful login, is on his record page and if he press back button login page is getting displayed w/o pressing logout.What is the solution on this ?

score 1 · Answer 1 · answered May 21 '12 at 06:19

You can disable back button ,but you should not do it like this , instead you should tell the browser not to cache the page , which is being loaded from the cache on back button after logout . Servlet Filters would be best suited for pre-process the request .You could do something like this in your filter :

response.setHeader("Cache-Control","no-cache");

I think in your case you might have been clearing the cookies too , which would invalidate the session and would redirect you to login page as you implemented . It would be better if you can provide the code .

ashwinhnr · Answer 2 · 2013-05-01T02:18:36.637

When we press back button session is not invalidated. It is not because of caching (Try printing date in the page where Employee dashboard is displayed. Everytime we press forward button new request is going to server).

I added: response.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate"); response.setHeader("Pragma", "no-cache"); response.setDateHeader("Expires", 0); but it din't workout.

So you may need to add a java script to disable your back button(Client may disable js, so not a solution) or another solution will be to add a condition in your first jsp i.e that form will be displayed only when the username (or any attribute you are using) in the session is null.

If you press back button ie if session is not invalidated then username still exists and you can just display the who has already logged in and provide the logout button there.

Or you can check for session parameter in LoginPage jsp for sessionAttribute not null invalidate session.

score -1 · Answer 3 · answered Sep 19 '14 at 13:06

-1

<script>

$(document).ready(function() {
    function disableBack() { window.history.forward() }

    window.onload = disableBack();
    window.onpageshow = function(evt) { if (evt.persisted) disableBack() }
});
</script>

we can disable the back key using java script on that jsp page only.

answered Sep 19 '14 at 13:06

Manjeet Kumar

127
1
3

that's not a proper solution... – bitoiu Sep 19 '14 at 13:41
Then for the proper solution you have to validate it using session. – Manjeet Kumar Sep 22 '14 at 08:34

Back Button in jsp redirect to Login page without Logout

3 Answers3