When gmail is logged off it shows the login page and the back button of the browser again leads to the login page. The user inbox is never showed again. How should i implement the same in my web application. I am using JSP and javascript in my application
1 Answers
Only two things needs to be done:
Check if the user is logged in. If so, then continue request. If not, then go to login page. A
Filter
is a perfect tool for this. An example can be found in this answer.Instruct webbrowser to not cache the page so that the enduser won't be able to request the page from the browser cache and the browser is thus forced to fire a fullworthy HTTP request (which would then trigger the
Filter
at #1). This is to be done by adding three response headersCache-Control
,Pragma
andExpires
as detailed in this answer. Again, aFilter
is a perfect tool for the job. It can even be done in the sameFilter
as in #1.
Note that you definitely don't want to handle this with JavaScript since it can easily be disabled/hacked/spoofed by the enduser.