0

When gmail is logged off it shows the login page and the back button of the browser again leads to the login page. The user inbox is never showed again. How should i implement the same in my web application. I am using JSP and javascript in my application

nikhil
  • 8,141
  • 20
  • 51
  • 80

1 Answers1

0

Only two things needs to be done:

  1. Check if the user is logged in. If so, then continue request. If not, then go to login page. A Filter is a perfect tool for this. An example can be found in this answer.

  2. Instruct webbrowser to not cache the page so that the enduser won't be able to request the page from the browser cache and the browser is thus forced to fire a fullworthy HTTP request (which would then trigger the Filter at #1). This is to be done by adding three response headers Cache-Control, Pragma and Expires as detailed in this answer. Again, a Filter is a perfect tool for the job. It can even be done in the same Filter as in #1.

Note that you definitely don't want to handle this with JavaScript since it can easily be disabled/hacked/spoofed by the enduser.

Community
  • 1
  • 1
BalusC
  • 992,635
  • 352
  • 3,478
  • 3,452