473,657 Members | 2,579 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

On logout disable the back button and expire session

9 New Member
Hi all,
I am developing a web application. I am using Servlet and JSP. After logout the user should not able to see the previous pages and page should navigate to loginpage.jsp.
I have used following code :
Expand|Select|Wrap|Line Numbers
  1. <%
  2. session.invalidate();
  3. response.setHeader("Cache-Control","no-cache"); 
  4. response.setHeader("Cache-Control","no-store"); 
  5. response.setDateHeader("Expires", 0); 
  6. response.sendRedirect("home.jsp");
  7. %>
and
Expand|Select|Wrap|Line Numbers
  1. <meta http-equiv=[COLOR=red]"cache-control"[/COLOR] content=[COLOR=red]"max-age=0, must-revalidate, no-cache, no-store, private"[/COLOR]>
  2. <meta http-equiv=[COLOR=red]"expires"[/COLOR] content=[COLOR=red]"-1"[/COLOR]>
  3.  
  4. <meta http-equiv=[COLOR=red]"pragma"[/COLOR] content=[COLOR=red]"no-cache"[/COLOR]>
The problem is:
Once user click on logout hyper link the page is reforwarding to loginpage.jsp and
after clicking back button the session expire message is coming, but if user again and
again click on back button the user is able to see previous to previous page.which i dont want,

Solution for:
If user click on logout hyper link,all previous browsed pages or history should be
clear and page should redirect to Loginpage.jsp.
Please help me,
Thanks in advance.
Jan 25 '09 #1
5 54041
chaarmann
785 Recognized Expert Contributor
Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a javascript command to reload the outer frame with url-parameter=login .

So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.
Jan 27 '09 #2
umbr
9 New Member
Hi vinodsk101.
You need to prevent pages from caching by browser. Put "no cache" statements in all pages/servlets.
Feb 13 '09 #3
naveen vodapall
3 New Member
Expand|Select|Wrap|Line Numbers
  1. --------------------------------index.jsp starts-------------
  2.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4.     <html>
  5.     <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.     </head>
  8.     <body>
  9.     <%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
  10.     <br>
  11.     <input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
  12.     </body>
  13.     </html>
  14.     -------------------------------MyJsp.jsp starts------------------------
  15.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  16.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  17.     <html>
  18.     <head>
  19.     <title>My JSP 'MyJsp.jsp' starting page</title>
  20.     <%response.setHeader("Cache-Control", "no-cache");
  21.     response.setHeader("Cache-Control", "no-store");
  22.     response.setHeader("Pragma", "no-cache");
  23.     response.setDateHeader("Expires", 0);%>
  24.     </head>
  25.     <body>
  26.     <%String u = (String) request.getSession().getAttribute("user");
  27.     if (u != null ) {
  28.     System.out.println("user != null");
  29.     out.print("Welcome "+u);
  30.     }else{
  31.     System.out.println("user == null");
  32.     response.sendRedirect("logout.jsp");
  33.     }%>
  34.     This is my JSP page. <br>
  35.     <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  36.     </body>
  37.     </html>
  38.     --------------------------------logout.jsp starts----------------------
  39.     <% @ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  40.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  41.     <html>
  42.     <head>
  43.     <title>My JSP 'logout.jsp' starting page</title>
  44.     </head>
  45.     <body>
  46.     <%request.getSession().setAttribute("user", null);%>
  47.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  48.     </body>
  49.     </html>
Mar 3 '14 #4
naveen vodapall
3 New Member
POST REDIRECT AND GET (PRG) APPROACH

Expand|Select|Wrap|Line Numbers
  1. --------------index.jsp starts ----------------------
  2. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4. <html>
  5.   <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.   </head>
  8.  
  9.   <body>
  10.       <br>
  11.     <form action="MyJsp.jsp" method='post'>
  12.         <input type='text' name='user' value='naveen'/>
  13.         <input type='submit' name='login' value='Login'/>
  14.     </form>
  15.   </body>
  16. </html>
  17.  
  18. -----------------------MyJsp.jsp starts -----------------
  19. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  20. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  21. <html>
  22.   <head>
  23.     <title>My JSP 'MyJsp.jsp' starting page</title>
  24.   </head>
  25.   <body>
  26.   <%request.getSession().setAttribute("user", request.getParameter("user"));%>
  27.   <%String u = (String) request.getSession().getAttribute("user");
  28.     if (u != null ) {
  29.         response.sendRedirect("success.jsp");
  30.     }%>
  31.   </body>
  32. </html>
  33.  
  34. -----------------------success.jsp starts -----------------
  35. <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  36.     pageEncoding="ISO-8859-1"%>
  37. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  38. <html>
  39. <head>
  40. <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  41. <title>Insert title here</title>
  42. <%response.setHeader("Cache-Control", "no-cache");
  43.     response.setHeader("Cache-Control", "no-store");
  44.     response.setHeader("Pragma", "no-cache");
  45.     response.setDateHeader("Expires", 0);
  46.     int timeout = session.getMaxInactiveInterval();
  47.     response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
  48. </head>
  49. <body>
  50. <%String u = (String) request.getSession().getAttribute("user");
  51.     if (u != null ) {
  52.         out.print("Welcome "+u);
  53.     }else{
  54.         response.sendRedirect("expire.jsp");
  55.     }%>
  56.  
  57. <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  58. </body>
  59. </html>
  60.  
  61. ------------------------logout.jsp starts-----------------
  62. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  63. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  64. <html>
  65.   <head>
  66.     <title>My JSP 'logout.jsp' starting page</title>
  67.   </head>
  68.   <body>
  69.   <%request.getSession().setAttribute("user", null);%>
  70.     Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
  71.   </body>
  72. </html>
  73.  
  74. -----------------------expire.jsp starts------------------
  75. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  76. <%
  77. String path = request.getContextPath();
  78. String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
  79. %>
  80.  
  81. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  82. <html>
  83.   <head>
  84.     <base href="<%=basePath%>">
  85.  
  86.     <title>My JSP 'expire.jsp' starting page</title>
  87.  
  88.     <meta http-equiv="pragma" content="no-cache">
  89.     <meta http-equiv="cache-control" content="no-cache">
  90.     <meta http-equiv="expires" content="0">    
  91.     <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  92.     <meta http-equiv="description" content="This is my page">
  93.     <!--
  94.     <link rel="stylesheet" type="text/css" href="styles.css">
  95.     -->
  96.  
  97.   </head>
  98.  
  99.   <body>
  100.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  101.   </body>
  102. </html>
  103.  
  104. ---------------------The End -------------
Mar 6 '14 #5
naveen vodapall
3 New Member
--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL= welcomeLink.act ion">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.or g/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



<table border="1" align="center" width="400px;">
<tr>
<td height="30" colspan="2">
<tiles:insertAt tribute name="myHeader" />
</td>
</tr>
<tr>
<td>
<tiles:insertAt tribute name="myBody" />
</td>
</tr>
<tr>
<td>
<tiles:insertAt tribute name="myFooter" />
</td>
</tr>
</table>
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<center>
<h4> Header </h4>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>

<body>
<br>
<form action="loginLi nk.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
</form>
</body>
</html>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.o rg/dtds/struts-2.0.dtd">

<struts>
<package name="default" extends="struts-default">

<result-types>
<result-type name="tiles" class="org.apac he.struts2.view s.tiles.TilesRe sult" />
</result-types>

<action name="*Link" method="{1}" class="java4s.L ogingEx">
<result name="welcome" type="tiles">we lcome</result>
<result name="editBusin ess" type="tiles">ed itBusiness</result>
<result name="success" type="tiles">su ccess</result>
<result name="expire" type="tiles">ex pire</result>
<result name="logout" type="tiles">lo gout</result>
</action>

</package>
</struts>
-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.or g/dtds/tiles-config_2_0.dtd" >

<tiles-definitions>

<definition name="welcome" template="/baseLayout.jsp" >
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
</definition>
<definition name="editBusin ess" extends="welcom e">
<put-attribute name="myBody" value="/editBusiness.js p"/>
</definition>
<definition name="success" extends="welcom e">
<put-attribute name="myBody" value="/success.jsp"/>
</definition>
<definition name="logout" extends="welcom e">
<put-attribute name="myBody" value="/logout.jsp"/>
</definition>
<definition name="expire" extends="welcom e">
<put-attribute name="myBody" value="/expire.jsp"/>
</definition>

</tiles-definitions>
-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.h ttp.HttpServlet Request;
import javax.servlet.h ttp.HttpServlet Response;

import org.apache.stru ts2.ServletActi onContext;

import com.opensymphon y.xwork2.Action Support;

public class LogingEx extends ActionSupport {

private static final long serialVersionUI D = -261342589076256 8273L;

private String user;
private String rdto;

public String welcome()
{
LOG.info("insid e welcome()");
return "welcome";
}
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequ est request = ServletActionCo ntext.getReques t();
request.getSess ion().setAttrib ute("user", user);
HttpServletResp onse response = ServletActionCo ntext.getRespon se();
response.sendRe direct("success Link.action");
}
LOG.info("end login()");
return null;
}
public String success(){
LOG.info("start success()");
HttpServletResp onse response = ServletActionCo ntext.getRespon se();
response.setHea der("Cache-Control", "no-cache");
response.setHea der("Cache-Control", "no-store");
response.setHea der("Pragma", "no-cache");
response.setDat eHeader("Expire s", 0);
setRdto("rdto1" );
LOG.info("end success()");
return "success";
}
public String logout(){
return "logout";
}
public String expire(){
return "expire";
}
public String getRdto() {
return rdto;
}

public void setRdto(String rdto) {
this.rdto = rdto;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}
}
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="te xt/html; charset=ISO-8859-1"
pageEncoding="I SO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%
session.setMaxI nactiveInterval (5);
int timeout = session.getMaxI nactiveInterval ();
response.setHea der("Refresh", timeout + "; URL = logout.jsp");%>
</head>
<body>
<%String u = (String) request.getSess ion().getAttrib ute("user");
if (u == null ){
String path = request.getCont extPath();
%>
<script>
window.location .href='<%=path% >/expireLink.acti on';
</script>
<%}
out.print("Welc ome "+u);
out.println("<i nput type='button' value='log out' onClick=\"javas cript:location. href = 'logoutLink.act ion'\"/>");%>
</body>
</html>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSe ssion().setAttr ibute("user", null);%>
Logged out successfully. Click <a href='index.jsp '>here</a> to login again.<br>
</body>
</html>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
<%
String path = request.getCont extPath();
String basePath = request.getSche me()+"://"+request.getSe rverName()+":"+ request.getServ erPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePa th%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords " content="keywor d1,keyword2,key word3">
<meta http-equiv="descript ion" content="This is my page">
<!--
<link rel="stylesheet " type="text/css" href="styles.cs s">
-->

</head>

<body>
Your session has expired. Click <a href='index.jsp '>here</a> to login again.<br>
</body>
</html>
Mar 11 '14 #6

Sign in to post your reply or Sign up for a free account.

Similar topics
6
14647
Can't end session with logout button
by: Jeff | last post by:
I've searched the web for hours trying to figure out this problem and can't seem to find any pertinent answers. I have a website where the user starts on a login page, puts in their credentials and hits a submit button, which then takes the user to a 2nd PHP page which simply runs PHP code that checks the user's credentials from my database, and if authenticated creates a session, assigns a few session variables (including a session...
PHP
2
3006
Backspave button - disable
by: Dmitri Shvetsov | last post by:
Hi All, Is it possible to disable the backspace button in browser? I wrote a login page, then after login I can allow the user to work in the session. I don't want to allow the user to return back using browser features. If he needs to return back he could press a designed button. Using the standard Backspace button can destroy the usual flow of the program and database filling, even cause some problems on the login page if the user...
C# / C Sharp
1
1622
Logout status doesn't really logout?
by: va | last post by:
I am using the forms authentication. After clicking on the logout button, I navigate to the default page. But I noticed the user can hit the back button and go back to the previous page nd continue working. I would've thought that logging out using loginstatus would expire the pages, no? Is there something else I should be doing?
ASP.NET
25
3313
need help with logout (logout not perfect)
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE, when I press back button, I get to the page that says "Page has Expired" but Firefox does not do this. I think it's something to do with sessions not properly unset or something like that but I haven't been able to figure it out. I am
PHP
12
4580
kamill
logout script not working properly.
by: kamill | last post by:
I have done a logout page for logout from admin section and provides a link to logout from admin section.Whenever i clicked on logout link it redirected to index.php of admin section......BUT when i am tring to go back threw back button of Browser....it send me last visted pages(means sessons not expire properly). How can i solve it... One more thing is that the script is working properly on localhost....problem occures when i uploaded it on...
PHP
3
6397
Preventing Users from using the back button to view restricted pages after logout.
by: roshni86 | last post by:
I have the following code for a logout of an account in php.However it is not working,as when i press the "back" button,the page returns to the previous page where a user had signed and viewed. <?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('userid')){ //session variable is registered, the user is ready to logout
PHP
1
14049
logout problem using struts
by: shrik | last post by:
hi everybody. I have following problem. There are two pages. index.jsp and main.jsp in my application Index.jsp contains logging interface in . It submits password and userid to loginform bean. following are entries in struts-config.xml file <action input="index.jsp" name="loginform" path="/login" scope="session" type="com.myapp.struts.loginaction"> <forward name="success" path="/main.jsp"/>
Java
3
2871
How To disable BACK BUTTON?
by: romeo971987 | last post by:
disable back button..... page should no do postback... i used history.go, history.back, session.abandon...and many more...but still previous page shows.... help me to expire the previous page.......
Javascript
4
3406
problem in browser back button with logout
by: shahidrasul | last post by:
hi in my project when i click on logout anchor it goes to logout page and my code in logout page is if (Session != null) { Session = null; Session.Abandon(); Response.Clear(); FormsAuthentication.SignOut(); Response.Redirect("login.aspx"); }
.NET Framework
0
8730
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
8605
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
7321
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
5632
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4151
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4301
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2726
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
1950
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
2
1607
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us