473,467 Members | 1,410 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

On logout disable the back button and expire session

9 New Member
Hi all,
I am developing a web application. I am using Servlet and JSP. After logout the user should not able to see the previous pages and page should navigate to loginpage.jsp.
I have used following code :
Expand|Select|Wrap|Line Numbers
  1. <%
  2. session.invalidate();
  3. response.setHeader("Cache-Control","no-cache"); 
  4. response.setHeader("Cache-Control","no-store"); 
  5. response.setDateHeader("Expires", 0); 
  6. response.sendRedirect("home.jsp");
  7. %>
and
Expand|Select|Wrap|Line Numbers
  1. <meta http-equiv=[COLOR=red]"cache-control"[/COLOR] content=[COLOR=red]"max-age=0, must-revalidate, no-cache, no-store, private"[/COLOR]>
  2. <meta http-equiv=[COLOR=red]"expires"[/COLOR] content=[COLOR=red]"-1"[/COLOR]>
  3.  
  4. <meta http-equiv=[COLOR=red]"pragma"[/COLOR] content=[COLOR=red]"no-cache"[/COLOR]>
The problem is:
Once user click on logout hyper link the page is reforwarding to loginpage.jsp and
after clicking back button the session expire message is coming, but if user again and
again click on back button the user is able to see previous to previous page.which i dont want,

Solution for:
If user click on logout hyper link,all previous browsed pages or history should be
clear and page should redirect to Loginpage.jsp.
Please help me,
Thanks in advance.
Jan 25 '09 #1
5 53891
chaarmann
785 Recognized Expert Contributor
Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a javascript command to reload the outer frame with url-parameter=login.

So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.
Jan 27 '09 #2
umbr
9 New Member
Hi vinodsk101.
You need to prevent pages from caching by browser. Put "no cache" statements in all pages/servlets.
Feb 13 '09 #3
naveen vodapall
3 New Member
Expand|Select|Wrap|Line Numbers
  1. --------------------------------index.jsp starts-------------
  2.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4.     <html>
  5.     <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.     </head>
  8.     <body>
  9.     <%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
  10.     <br>
  11.     <input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
  12.     </body>
  13.     </html>
  14.     -------------------------------MyJsp.jsp starts------------------------
  15.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  16.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  17.     <html>
  18.     <head>
  19.     <title>My JSP 'MyJsp.jsp' starting page</title>
  20.     <%response.setHeader("Cache-Control", "no-cache");
  21.     response.setHeader("Cache-Control", "no-store");
  22.     response.setHeader("Pragma", "no-cache");
  23.     response.setDateHeader("Expires", 0);%>
  24.     </head>
  25.     <body>
  26.     <%String u = (String) request.getSession().getAttribute("user");
  27.     if (u != null ) {
  28.     System.out.println("user != null");
  29.     out.print("Welcome "+u);
  30.     }else{
  31.     System.out.println("user == null");
  32.     response.sendRedirect("logout.jsp");
  33.     }%>
  34.     This is my JSP page. <br>
  35.     <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  36.     </body>
  37.     </html>
  38.     --------------------------------logout.jsp starts----------------------
  39.     <% @ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  40.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  41.     <html>
  42.     <head>
  43.     <title>My JSP 'logout.jsp' starting page</title>
  44.     </head>
  45.     <body>
  46.     <%request.getSession().setAttribute("user", null);%>
  47.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  48.     </body>
  49.     </html>
Mar 3 '14 #4
naveen vodapall
3 New Member
POST REDIRECT AND GET (PRG) APPROACH

Expand|Select|Wrap|Line Numbers
  1. --------------index.jsp starts ----------------------
  2. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4. <html>
  5.   <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.   </head>
  8.  
  9.   <body>
  10.       <br>
  11.     <form action="MyJsp.jsp" method='post'>
  12.         <input type='text' name='user' value='naveen'/>
  13.         <input type='submit' name='login' value='Login'/>
  14.     </form>
  15.   </body>
  16. </html>
  17.  
  18. -----------------------MyJsp.jsp starts -----------------
  19. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  20. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  21. <html>
  22.   <head>
  23.     <title>My JSP 'MyJsp.jsp' starting page</title>
  24.   </head>
  25.   <body>
  26.   <%request.getSession().setAttribute("user", request.getParameter("user"));%>
  27.   <%String u = (String) request.getSession().getAttribute("user");
  28.     if (u != null ) {
  29.         response.sendRedirect("success.jsp");
  30.     }%>
  31.   </body>
  32. </html>
  33.  
  34. -----------------------success.jsp starts -----------------
  35. <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  36.     pageEncoding="ISO-8859-1"%>
  37. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  38. <html>
  39. <head>
  40. <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  41. <title>Insert title here</title>
  42. <%response.setHeader("Cache-Control", "no-cache");
  43.     response.setHeader("Cache-Control", "no-store");
  44.     response.setHeader("Pragma", "no-cache");
  45.     response.setDateHeader("Expires", 0);
  46.     int timeout = session.getMaxInactiveInterval();
  47.     response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
  48. </head>
  49. <body>
  50. <%String u = (String) request.getSession().getAttribute("user");
  51.     if (u != null ) {
  52.         out.print("Welcome "+u);
  53.     }else{
  54.         response.sendRedirect("expire.jsp");
  55.     }%>
  56.  
  57. <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  58. </body>
  59. </html>
  60.  
  61. ------------------------logout.jsp starts-----------------
  62. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  63. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  64. <html>
  65.   <head>
  66.     <title>My JSP 'logout.jsp' starting page</title>
  67.   </head>
  68.   <body>
  69.   <%request.getSession().setAttribute("user", null);%>
  70.     Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
  71.   </body>
  72. </html>
  73.  
  74. -----------------------expire.jsp starts------------------
  75. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  76. <%
  77. String path = request.getContextPath();
  78. String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
  79. %>
  80.  
  81. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  82. <html>
  83.   <head>
  84.     <base href="<%=basePath%>">
  85.  
  86.     <title>My JSP 'expire.jsp' starting page</title>
  87.  
  88.     <meta http-equiv="pragma" content="no-cache">
  89.     <meta http-equiv="cache-control" content="no-cache">
  90.     <meta http-equiv="expires" content="0">    
  91.     <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  92.     <meta http-equiv="description" content="This is my page">
  93.     <!--
  94.     <link rel="stylesheet" type="text/css" href="styles.css">
  95.     -->
  96.  
  97.   </head>
  98.  
  99.   <body>
  100.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  101.   </body>
  102. </html>
  103.  
  104. ---------------------The End -------------
Mar 6 '14 #5
naveen vodapall
3 New Member
--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=welcomeLink.action">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



<table border="1" align="center" width="400px;">
<tr>
<td height="30" colspan="2">
<tiles:insertAttribute name="myHeader" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myBody" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myFooter" />
</td>
</tr>
</table>
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<center>
<h4> Header </h4>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>

<body>
<br>
<form action="loginLink.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
</form>
</body>
</html>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<package name="default" extends="struts-default">

<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>

<action name="*Link" method="{1}" class="java4s.LogingEx">
<result name="welcome" type="tiles">welcome</result>
<result name="editBusiness" type="tiles">editBusiness</result>
<result name="success" type="tiles">success</result>
<result name="expire" type="tiles">expire</result>
<result name="logout" type="tiles">logout</result>
</action>

</package>
</struts>
-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.org/dtds/tiles-config_2_0.dtd">

<tiles-definitions>

<definition name="welcome" template="/baseLayout.jsp">
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
</definition>
<definition name="editBusiness" extends="welcome">
<put-attribute name="myBody" value="/editBusiness.jsp"/>
</definition>
<definition name="success" extends="welcome">
<put-attribute name="myBody" value="/success.jsp"/>
</definition>
<definition name="logout" extends="welcome">
<put-attribute name="myBody" value="/logout.jsp"/>
</definition>
<definition name="expire" extends="welcome">
<put-attribute name="myBody" value="/expire.jsp"/>
</definition>

</tiles-definitions>
-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;

public class LogingEx extends ActionSupport {

private static final long serialVersionUID = -2613425890762568273L;

private String user;
private String rdto;

public String welcome()
{
LOG.info("inside welcome()");
return "welcome";
}
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequest request = ServletActionContext.getRequest();
request.getSession().setAttribute("user", user);
HttpServletResponse response = ServletActionContext.getResponse();
response.sendRedirect("successLink.action");
}
LOG.info("end login()");
return null;
}
public String success(){
LOG.info("start success()");
HttpServletResponse response = ServletActionContext.getResponse();
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
setRdto("rdto1");
LOG.info("end success()");
return "success";
}
public String logout(){
return "logout";
}
public String expire(){
return "expire";
}
public String getRdto() {
return rdto;
}

public void setRdto(String rdto) {
this.rdto = rdto;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}
}
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%
session.setMaxInactiveInterval(5);
int timeout = session.getMaxInactiveInterval();
response.setHeader("Refresh", timeout + "; URL = logout.jsp");%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
if (u == null ){
String path = request.getContextPath();
%>
<script>
window.location.href='<%=path%>/expireLink.action';
</script>
<%}
out.print("Welcome "+u);
out.println("<input type='button' value='log out' onClick=\"javascript:location.href = 'logoutLink.action'\"/>");%>
</body>
</html>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", null);%>
Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPor t()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>
Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
Mar 11 '14 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

6
Can't end session with logout button
by: Jeff | last post by:
I've searched the web for hours trying to figure out this problem and can't seem to find any pertinent answers. I have a website where the user starts on a login page, puts in their credentials and...
PHP
2
Backspave button - disable
by: Dmitri Shvetsov | last post by:
Hi All, Is it possible to disable the backspace button in browser? I wrote a login page, then after login I can allow the user to work in the session. I don't want to allow the user to return...
C# / C Sharp
1
Logout status doesn't really logout?
by: va | last post by:
I am using the forms authentication. After clicking on the logout button, I navigate to the default page. But I noticed the user can hit the back button and go back to the previous page nd...
ASP.NET
25
need help with logout (logout not perfect)
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE,...
PHP
12
kamill
logout script not working properly.
by: kamill | last post by:
I have done a logout page for logout from admin section and provides a link to logout from admin section.Whenever i clicked on logout link it redirected to index.php of admin section......BUT when i...
PHP
3
Preventing Users from using the back button to view restricted pages after logout.
by: roshni86 | last post by:
I have the following code for a logout of an account in php.However it is not working,as when i press the "back" button,the page returns to the previous page where a user had signed and viewed. ...
PHP
1
logout problem using struts
by: shrik | last post by:
hi everybody. I have following problem. There are two pages. index.jsp and main.jsp in my application Index.jsp contains logging interface in . It submits password and userid to loginform bean. ...
Java
3
How To disable BACK BUTTON?
by: romeo971987 | last post by:
disable back button..... page should no do postback... i used history.go, history.back, session.abandon...and many more...but still previous page shows.... help me to expire the previous page.......
Javascript
4
problem in browser back button with logout
by: shahidrasul | last post by:
hi in my project when i click on logout anchor it goes to logout page and my code in logout page is if (Session != null) { Session = null; Session.Abandon(); ...
.NET Framework
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us