cannot destroy session in jsp

Question

iam using this in my logout page:

session.invalidate();
response.sendRedirect("login.jsp");

and then this on every page to check if the session is being set or not

session.getAttribute("username");
HttpSession session1 = request.getSession(false);

if(session1== null )
{%>
    <jsp:forward page="login.jsp"/>
<% 
}
else
{%>
      load the content of the page

it get logout successfully... but when i press the back button on the browser it get back to the page... i was last on. Where iam wrong and what can be done

possibly the browser is displaying the cached files, try refreshing the page after clicking the back button. — , Apr 18 '14 at 09:25
@Arvind what ur say is right when i reach that page and press refresh then it goes back to the login page ,but it still is going to that page ... which i believe should not happen.. the sol that u gave didn't work.. can u suggest something else — raam, Apr 18 '14 at 09:41

score 0 · Answer 1 · 2014-04-18T09:40:45.343

0

u may try this on jsp which u don't wana show until logged in:

javascript

<script>
    window.onload=function() {
        history.forward();
    }; // trick to force user to redirect to the next page

    window.onunload=function () {};
</script>

edited Apr 18 '14 at 09:40

answered Apr 18 '14 at 09:28

i have updated the code try it, but make sure to clear cache before login by pressing ctrl + F5 – Apr 18 '14 at 09:47
i go back to the login page after logout ... but when i press back it goes to the last page that i used... and then i press refresh it goes to the login page and the back button does not work anymore.. – raam Apr 18 '14 at 09:49
ur code is right but not completely.. that the point, if u can give me much more concrete answer or suggestion i will be helpful – raam Apr 18 '14 at 11:43

score 0 · Answer 2 · answered Apr 18 '14 at 10:20

it get logout successfully... 
but when i press the back button on the browser
it get back to the page... i was last on. Where i am wrong and what can be done

You are not wrong . As it is the browser functionality

1. If you try to perform any operation . (i.e.) if you try to send any request to server , you will not be allowed to do that.

To Prevent going back to last page , you can try Disable the back button on the LOGIN page

Hope this helps!!

score 0 · Answer 3 · answered Apr 18 '14 at 10:34

You token concept to avoid this.

After login success full,while creating a Session,create a token and attach it to the session.

String token = UUID.randomUUID().toString();

Store this in session.

session.setAttribute("token", token);

Pass it as hidden input value of the form.

At the time of logout,just remove the token from the session. And forward it to log out page. At every page check for token,if token is not there,then redirect it to home page.

cannot destroy session in jsp

3 Answers3