Hello,
I have the same problem some days ago. I found two solutions: using https(SSL) in the web server (if SSL really fits to your application security requirements), since SSL web pages are not cached, or telling the browser to don't cache the JSP page, so when the user clicks the back button the browser will have to send a request.
response.setHeader("Cache-Control","no-cache"); //Forces caches to obtain a new copy of the page from the origin server response.setHeader("Cache-Control","no-store"); //Directs caches not to store the page under any circumstance response.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale" response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward compatibility
More details on: http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html Jorge. Mohan escribió:
Hi All, I have problem in my application.In My application I have login and log out functionality.When user clicks log-out I am removing the session and I am redirectiong to Login page.So far it is working fine.But problem starts here.If user clicks the back button of browser window.He is able to see the last visited page .But I want to restrict him like ,once the user is logged out .and if he clicks the back button I want him to redirect to the login page or showing some message. thanks and regards, Mohan. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
