iam using this in my logout page:
session.invalidate();
response.sendRedirect("login.jsp");
and then this on every page to check if the session is being set or not
session.getAttribute("username");
HttpSession session1 = request.getSession(false);
if(session1== null )
{%>
<jsp:forward page="login.jsp"/>
<%
}
else
{%>
load the content of the page
it get logout successfully... but when i press the back button on the browser it get back to the page... i was last on. Where iam wrong and what can be done