0

In my project I am using HttpSession for maintaining the user state. when I hit the link to logout servlet and logs out successfully but if I press back button it reloads the profile page again.

LogoutServlet.java

HttpSession session=request.getSession(false);
session.invalidate();
response.sendRedirect("index.html");

LoginServlet.java

    HttpSession session=request.getSession();
    session.setAttribute("userName",u);
Arpit Agrawal
  • 311
  • 1
  • 2
  • 12
  • And does the browser really reload the page, or just displays it from the cache? Anyway, to debug further, a bit more code of the profile page (and perhaps also of the login servlet) would be useful. – Jozef Chocholacek Jun 15 '15 at 08:19

1 Answers1

0

I can imagine 3 possible causes :

  • you are using a Single Sign On system (something like CAS) and you are automatically reconnected when you close your session => in that case you explictely disconnect from the SSO (not the most common problem)
  • the back button of the browser shows a cached version of the page. You can confirm that by asking a full refresh of the page - normally Ctrl-F5 does it but you will find more references on wikipedia => in that case you cannot do more except controlling the configuration of cache on browser and the caching parameters of the page (HTTP header Expire)
  • the URL contains the reference to the user and is publicly accessible : the display is normal => if you do not want that, you should make the page accessible only to logged on users.
Serge Ballesta
  • 121,548
  • 10
  • 94
  • 199