473,562 Members | 2,610 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

On logout disable the back button and expire session

9 New Member
Hi all,
I am developing a web application. I am using Servlet and JSP. After logout the user should not able to see the previous pages and page should navigate to loginpage.jsp.
I have used following code :
Expand|Select|Wrap|Line Numbers
  1. <%
  2. session.invalidate();
  3. response.setHeader("Cache-Control","no-cache"); 
  4. response.setHeader("Cache-Control","no-store"); 
  5. response.setDateHeader("Expires", 0); 
  6. response.sendRedirect("home.jsp");
  7. %>
Expand|Select|Wrap|Line Numbers
  1. <meta http-equiv=[COLOR=red]"cache-control"[/COLOR] content=[COLOR=red]"max-age=0, must-revalidate, no-cache, no-store, private"[/COLOR]>
  2. <meta http-equiv=[COLOR=red]"expires"[/COLOR] content=[COLOR=red]"-1"[/COLOR]>
  4. <meta http-equiv=[COLOR=red]"pragma"[/COLOR] content=[COLOR=red]"no-cache"[/COLOR]>
The problem is:
Once user click on logout hyper link the page is reforwarding to loginpage.jsp and
after clicking back button the session expire message is coming, but if user again and
again click on back button the user is able to see previous to previous page.which i dont want,

Solution for:
If user click on logout hyper link,all previous browsed pages or history should be
clear and page should redirect to Loginpage.jsp.
Please help me,
Thanks in advance.
Jan 25 '09 #1
5 53982
785 Recognized Expert Contributor
Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a javascript command to reload the outer frame with url-parameter=login .

So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.
Jan 27 '09 #2
9 New Member
Hi vinodsk101.
You need to prevent pages from caching by browser. Put "no cache" statements in all pages/servlets.
Feb 13 '09 #3
naveen vodapall
3 New Member
Expand|Select|Wrap|Line Numbers
  1. --------------------------------index.jsp starts-------------
  2.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4.     <html>
  5.     <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.     </head>
  8.     <body>
  9.     <%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
  10.     <br>
  11.     <input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
  12.     </body>
  13.     </html>
  14.     -------------------------------MyJsp.jsp starts------------------------
  15.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  16.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  17.     <html>
  18.     <head>
  19.     <title>My JSP 'MyJsp.jsp' starting page</title>
  20.     <%response.setHeader("Cache-Control", "no-cache");
  21.     response.setHeader("Cache-Control", "no-store");
  22.     response.setHeader("Pragma", "no-cache");
  23.     response.setDateHeader("Expires", 0);%>
  24.     </head>
  25.     <body>
  26.     <%String u = (String) request.getSession().getAttribute("user");
  27.     if (u != null ) {
  28.     System.out.println("user != null");
  29.     out.print("Welcome "+u);
  30.     }else{
  31.     System.out.println("user == null");
  32.     response.sendRedirect("logout.jsp");
  33.     }%>
  34.     This is my JSP page. <br>
  35.     <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  36.     </body>
  37.     </html>
  38.     --------------------------------logout.jsp starts----------------------
  39.     <% @ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  40.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  41.     <html>
  42.     <head>
  43.     <title>My JSP 'logout.jsp' starting page</title>
  44.     </head>
  45.     <body>
  46.     <%request.getSession().setAttribute("user", null);%>
  47.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  48.     </body>
  49.     </html>
Mar 3 '14 #4
naveen vodapall
3 New Member

Expand|Select|Wrap|Line Numbers
  1. --------------index.jsp starts ----------------------
  2. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4. <html>
  5.   <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.   </head>
  9.   <body>
  10.       <br>
  11.     <form action="MyJsp.jsp" method='post'>
  12.         <input type='text' name='user' value='naveen'/>
  13.         <input type='submit' name='login' value='Login'/>
  14.     </form>
  15.   </body>
  16. </html>
  18. -----------------------MyJsp.jsp starts -----------------
  19. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  20. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  21. <html>
  22.   <head>
  23.     <title>My JSP 'MyJsp.jsp' starting page</title>
  24.   </head>
  25.   <body>
  26.   <%request.getSession().setAttribute("user", request.getParameter("user"));%>
  27.   <%String u = (String) request.getSession().getAttribute("user");
  28.     if (u != null ) {
  29.         response.sendRedirect("success.jsp");
  30.     }%>
  31.   </body>
  32. </html>
  34. -----------------------success.jsp starts -----------------
  35. <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  36.     pageEncoding="ISO-8859-1"%>
  37. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  38. <html>
  39. <head>
  40. <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  41. <title>Insert title here</title>
  42. <%response.setHeader("Cache-Control", "no-cache");
  43.     response.setHeader("Cache-Control", "no-store");
  44.     response.setHeader("Pragma", "no-cache");
  45.     response.setDateHeader("Expires", 0);
  46.     int timeout = session.getMaxInactiveInterval();
  47.     response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
  48. </head>
  49. <body>
  50. <%String u = (String) request.getSession().getAttribute("user");
  51.     if (u != null ) {
  52.         out.print("Welcome "+u);
  53.     }else{
  54.         response.sendRedirect("expire.jsp");
  55.     }%>
  57. <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  58. </body>
  59. </html>
  61. ------------------------logout.jsp starts-----------------
  62. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  63. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  64. <html>
  65.   <head>
  66.     <title>My JSP 'logout.jsp' starting page</title>
  67.   </head>
  68.   <body>
  69.   <%request.getSession().setAttribute("user", null);%>
  70.     Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
  71.   </body>
  72. </html>
  74. -----------------------expire.jsp starts------------------
  75. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  76. <%
  77. String path = request.getContextPath();
  78. String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
  79. %>
  81. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  82. <html>
  83.   <head>
  84.     <base href="<%=basePath%>">
  86.     <title>My JSP 'expire.jsp' starting page</title>
  88.     <meta http-equiv="pragma" content="no-cache">
  89.     <meta http-equiv="cache-control" content="no-cache">
  90.     <meta http-equiv="expires" content="0">    
  91.     <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  92.     <meta http-equiv="description" content="This is my page">
  93.     <!--
  94.     <link rel="stylesheet" type="text/css" href="styles.css">
  95.     -->
  97.   </head>
  99.   <body>
  100.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  101.   </body>
  102. </html>
  104. ---------------------The End -------------
Mar 6 '14 #5
naveen vodapall
3 New Member
--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL= welcomeLink.act ion">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.or g/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

<table border="1" align="center" width="400px;">
<td height="30" colspan="2">
<tiles:insertAt tribute name="myHeader" />
<tiles:insertAt tribute name="myBody" />
<tiles:insertAt tribute name="myFooter" />
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<h4> Header </h4>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>My JSP 'index.jsp' starting page</title>

<form action="loginLi nk.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.o rg/dtds/struts-2.0.dtd">

<package name="default" extends="struts-default">

<result-type name="tiles" class="org.apac he.struts2.view s.tiles.TilesRe sult" />

<action name="*Link" method="{1}" class="java4s.L ogingEx">
<result name="welcome" type="tiles">we lcome</result>
<result name="editBusin ess" type="tiles">ed itBusiness</result>
<result name="success" type="tiles">su ccess</result>
<result name="expire" type="tiles">ex pire</result>
<result name="logout" type="tiles">lo gout</result>

-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.or g/dtds/tiles-config_2_0.dtd" >


<definition name="welcome" template="/baseLayout.jsp" >
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
<definition name="editBusin ess" extends="welcom e">
<put-attribute name="myBody" value="/editBusiness.js p"/>
<definition name="success" extends="welcom e">
<put-attribute name="myBody" value="/success.jsp"/>
<definition name="logout" extends="welcom e">
<put-attribute name="myBody" value="/logout.jsp"/>
<definition name="expire" extends="welcom e">
<put-attribute name="myBody" value="/expire.jsp"/>

-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.h ttp.HttpServlet Request;
import javax.servlet.h ttp.HttpServlet Response;

import org.apache.stru ts2.ServletActi onContext;

import com.opensymphon y.xwork2.Action Support;

public class LogingEx extends ActionSupport {

private static final long serialVersionUI D = -261342589076256 8273L;

private String user;
private String rdto;

public String welcome()
LOG.info("insid e welcome()");
return "welcome";
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequ est request = ServletActionCo ntext.getReques t();
request.getSess ion().setAttrib ute("user", user);
HttpServletResp onse response = ServletActionCo ntext.getRespon se();
response.sendRe direct("success Link.action");
LOG.info("end login()");
return null;
public String success(){
LOG.info("start success()");
HttpServletResp onse response = ServletActionCo ntext.getRespon se();
response.setHea der("Cache-Control", "no-cache");
response.setHea der("Cache-Control", "no-store");
response.setHea der("Pragma", "no-cache");
response.setDat eHeader("Expire s", 0);
setRdto("rdto1" );
LOG.info("end success()");
return "success";
public String logout(){
return "logout";
public String expire(){
return "expire";
public String getRdto() {
return rdto;

public void setRdto(String rdto) {
this.rdto = rdto;

public String getUser() {
return user;

public void setUser(String user) {
this.user = user;
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="te xt/html; charset=ISO-8859-1"
pageEncoding="I SO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
session.setMaxI nactiveInterval (5);
int timeout = session.getMaxI nactiveInterval ();
response.setHea der("Refresh", timeout + "; URL = logout.jsp");%>
<%String u = (String) request.getSess ion().getAttrib ute("user");
if (u == null ){
String path = request.getCont extPath();
window.location .href='<%=path% >/expireLink.acti on';
out.print("Welc ome "+u);
out.println("<i nput type='button' value='log out' onClick=\"javas cript:location. href = 'logoutLink.act ion'\"/>");%>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>My JSP 'logout.jsp' starting page</title>
<%request.getSe ssion().setAttr ibute("user", null);%>
Logged out successfully. Click <a href='index.jsp '>here</a> to login again.<br>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.ut il.*" pageEncoding="I SO-8859-1"%>
String path = request.getCont extPath();
String basePath = request.getSche me()+"://"+request.getSe rverName()+":"+ request.getServ erPort()+path+"/";

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<base href="<%=basePa th%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords " content="keywor d1,keyword2,key word3">
<meta http-equiv="descript ion" content="This is my page">
<link rel="stylesheet " type="text/css" href="styles.cs s">


Your session has expired. Click <a href='index.jsp '>here</a> to login again.<br>
Mar 11 '14 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Jeff | last post by:
I've searched the web for hours trying to figure out this problem and can't seem to find any pertinent answers. I have a website where the user starts on a login page, puts in their credentials and hits a submit button, which then takes the user to a 2nd PHP page which simply runs PHP code that checks the user's credentials from my database,...
by: Dmitri Shvetsov | last post by:
Hi All, Is it possible to disable the backspace button in browser? I wrote a login page, then after login I can allow the user to work in the session. I don't want to allow the user to return back using browser features. If he needs to return back he could press a designed button. Using the standard Backspace button can destroy the usual...
by: va | last post by:
I am using the forms authentication. After clicking on the logout button, I navigate to the default page. But I noticed the user can hit the back button and go back to the previous page nd continue working. I would've thought that logging out using loginstatus would expire the pages, no? Is there something else I should be doing?
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE, when I press back button, I get to the page that says "Page has Expired" but Firefox does not do this. I think it's something to do with sessions...
by: kamill | last post by:
I have done a logout page for logout from admin section and provides a link to logout from admin section.Whenever i clicked on logout link it redirected to index.php of admin section......BUT when i am tring to go back threw back button of Browser....it send me last visted pages(means sessons not expire properly). How can i solve it... One more...
by: roshni86 | last post by:
I have the following code for a logout of an account in php.However it is not working,as when i press the "back" button,the page returns to the previous page where a user had signed and viewed. <?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('userid')){ ...
by: shrik | last post by:
hi everybody. I have following problem. There are two pages. index.jsp and main.jsp in my application Index.jsp contains logging interface in . It submits password and userid to loginform bean. following are entries in struts-config.xml file <action input="index.jsp" name="loginform" path="/login" scope="session"...
by: romeo971987 | last post by:
disable back button..... page should no do postback... i used history.go, history.back, session.abandon...and many more...but still previous page shows.... help me to expire the previous page.......
by: shahidrasul | last post by:
hi in my project when i click on logout anchor it goes to logout page and my code in logout page is if (Session != null) { Session = null; Session.Abandon(); Response.Clear(); FormsAuthentication.SignOut(); Response.Redirect("login.aspx"); }
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.