On logout disable the back button and expire session

Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a javascript command to reload the outer frame with url-parameter=login.

So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.

Hi vinodsk101.
You need to prevent pages from caching by browser. Put "no cache" statements in all pages/servlets.

POST REDIRECT AND GET (PRG) APPROACH

--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=welcomeLink.action">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



<table border="1" align="center" width="400px;">
<tr>
<td height="30" colspan="2">
<tiles:insertAttribute name="myHeader" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myBody" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myFooter" />
</td>
</tr>
</table>
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<center>
<h4> Header </h4>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>

<body>
<br>
<form action="loginLink.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
</form>
</body>
</html>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<package name="default" extends="struts-default">

<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>

<action name="*Link" method="{1}" class="java4s.LogingEx">
<result name="welcome" type="tiles">welcome</result>
<result name="editBusiness" type="tiles">editBusiness</result>
<result name="success" type="tiles">success</result>
<result name="expire" type="tiles">expire</result>
<result name="logout" type="tiles">logout</result>
</action>

</package>
</struts>
-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.org/dtds/tiles-config_2_0.dtd">

<tiles-definitions>

<definition name="welcome" template="/baseLayout.jsp">
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
</definition>
<definition name="editBusiness" extends="welcome">
<put-attribute name="myBody" value="/editBusiness.jsp"/>
</definition>
<definition name="success" extends="welcome">
<put-attribute name="myBody" value="/success.jsp"/>
</definition>
<definition name="logout" extends="welcome">
<put-attribute name="myBody" value="/logout.jsp"/>
</definition>
<definition name="expire" extends="welcome">
<put-attribute name="myBody" value="/expire.jsp"/>
</definition>

</tiles-definitions>
-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;

public class LogingEx extends ActionSupport {

private static final long serialVersionUID = -2613425890762568273L;

private String user;
private String rdto;

public String welcome()
{
LOG.info("inside welcome()");
return "welcome";
}
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequest request = ServletActionContext.getRequest();
request.getSession().setAttribute("user", user);
HttpServletResponse response = ServletActionContext.getResponse();
response.sendRedirect("successLink.action");
}
LOG.info("end login()");
return null;
}
public String success(){
LOG.info("start success()");
HttpServletResponse response = ServletActionContext.getResponse();
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
setRdto("rdto1");
LOG.info("end success()");
return "success";
}
public String logout(){
return "logout";
}
public String expire(){
return "expire";
}
public String getRdto() {
return rdto;
}

public void setRdto(String rdto) {
this.rdto = rdto;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}
}
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%
session.setMaxInactiveInterval(5);
int timeout = session.getMaxInactiveInterval();
response.setHeader("Refresh", timeout + "; URL = logout.jsp");%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
if (u == null ){
String path = request.getContextPath();
%>
<script>
window.location.href='<%=path%>/expireLink.action';
</script>
<%}
out.print("Welcome "+u);
out.println("<input type='button' value='log out' onClick=\"javascript:location.href = 'logoutLink.action'\"/>");%>
</body>
</html>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", null);%>
Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPor t()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>
Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>