On logout disable the back button and expire session

Hi all,
I am developing a web application. I am using Servlet and JSP. After logout the user should not be able to see the previous pages and the page should navigate to loginpage.jsp.
I have used the following code:
<%
session.invalidate();
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires", 0);
response.sendRedirect("home.jsp");
%>
and
<meta http-equiv="cache-control" content="max-age=0, must-revalidate, no-cache, no-store, private">
<meta http-equiv="expires" content="-1">

<meta http-equiv="pragma" content="no-cache">
The problem is:
Once the user clicks on the logout hyperlink, the page is forwarded to loginpage.jsp, and
after clicking the back button the session expired message appears, but if the user clicks
the back button again and again, the user is able to see the previous-to-previous page, which I don't want.

Solution for:
If the user clicks on the logout hyperlink, all previously browsed pages or history should be
cleared and the page should redirect to Loginpage.jsp.
Please help me,
Thanks in advance.
Jan 25 '09 #1
chaarmann
785 Expert 512MB
Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a JavaScript command to reload the outer frame with url-parameter=login.

So for example, if a user comes from the Google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses the back button, he comes back to the Google page, and going forward is not possible anymore.
Jan 27 '09 #2
umbr
9
Hi vinodsk101.
You need to prevent pages from being cached by the browser. Put "no cache" statements in all pages/servlets.
Feb 13 '09 #3
--------------------------------index.jsp starts-------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
<br>
<input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
</body>
</html>
-------------------------------MyJsp.jsp starts------------------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'MyJsp.jsp' starting page</title>
<%// setHeader() replaces any earlier value, so both directives go in one header
response.setHeader("Cache-Control", "no-cache, no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
if (u != null ) {
System.out.println("user != null");
out.print("Welcome "+u);
}else{
System.out.println("user == null");
response.sendRedirect("logout.jsp");
}%>
This is my JSP page. <br>
<input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
</body>
</html>
--------------------------------logout.jsp starts----------------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", null);%>
Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
Mar 3 '14 #4
POST REDIRECT AND GET (PRG) APPROACH

--------------index.jsp starts ----------------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'index.jsp' starting page</title>
  </head>

  <body>
      <br>
    <form action="MyJsp.jsp" method='post'>
        <input type='text' name='user' value='naveen'/>
        <input type='submit' name='login' value='Login'/>
    </form>
  </body>
</html>

-----------------------MyJsp.jsp starts -----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'MyJsp.jsp' starting page</title>
  </head>
  <body>
  <%request.getSession().setAttribute("user", request.getParameter("user"));%>
  <%String u = (String) request.getSession().getAttribute("user");
    if (u != null ) {
        response.sendRedirect("success.jsp");
    }%>
  </body>
</html>

-----------------------success.jsp starts -----------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%// setHeader() replaces any earlier value, so both directives go in one header
    response.setHeader("Cache-Control", "no-cache, no-store");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);
    int timeout = session.getMaxInactiveInterval();
    response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
    if (u != null ) {
        out.print("Welcome "+u);
    }else{
        response.sendRedirect("expire.jsp");
    }%>

<input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
</body>
</html>

------------------------logout.jsp starts-----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'logout.jsp' starting page</title>
  </head>
  <body>
  <%request.getSession().setAttribute("user", null);%>
    Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
  </body>
</html>

-----------------------expire.jsp starts------------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">

    <title>My JSP 'expire.jsp' starting page</title>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->

  </head>

  <body>
    Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  </body>
</html>

---------------------The End -------------
Mar 6 '14 #5
--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=welcomeLink.action">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



<table border="1" align="center" width="400px;">
<tr>
<td height="30" colspan="2">
<tiles:insertAttribute name="myHeader" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myBody" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myFooter" />
</td>
</tr>
</table>
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<center>
<h4> Header </h4>
</center>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>

<body>
<br>
<form action="loginLink.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
</form>
</body>
</html>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<package name="default" extends="struts-default">

<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>

<action name="*Link" method="{1}" class="java4s.LogingEx">
<result name="welcome" type="tiles">welcome</result>
<result name="editBusiness" type="tiles">editBusiness</result>
<result name="success" type="tiles">success</result>
<result name="expire" type="tiles">expire</result>
<result name="logout" type="tiles">logout</result>
</action>

</package>
</struts>
-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.org/dtds/tiles-config_2_0.dtd">

<tiles-definitions>

<definition name="welcome" template="/baseLayout.jsp">
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
</definition>
<definition name="editBusiness" extends="welcome">
<put-attribute name="myBody" value="/editBusiness.jsp"/>
</definition>
<definition name="success" extends="welcome">
<put-attribute name="myBody" value="/success.jsp"/>
</definition>
<definition name="logout" extends="welcome">
<put-attribute name="myBody" value="/logout.jsp"/>
</definition>
<definition name="expire" extends="welcome">
<put-attribute name="myBody" value="/expire.jsp"/>
</definition>

</tiles-definitions>
-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;

public class LogingEx extends ActionSupport {

private static final long serialVersionUID = -2613425890762568273L;

private String user;
private String rdto;

public String welcome()
{
LOG.info("inside welcome()");
return "welcome";
}
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequest request = ServletActionContext.getRequest();
request.getSession().setAttribute("user", user);
HttpServletResponse response = ServletActionContext.getResponse();
response.sendRedirect("successLink.action");
}
LOG.info("end login()");
return null;
}
public String success(){
LOG.info("start success()");
HttpServletResponse response = ServletActionContext.getResponse();
// setHeader() replaces any earlier value, so both directives go in one header
response.setHeader("Cache-Control", "no-cache, no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
setRdto("rdto1");
LOG.info("end success()");
return "success";
}
public String logout(){
return "logout";
}
public String expire(){
return "expire";
}
public String getRdto() {
return rdto;
}

public void setRdto(String rdto) {
this.rdto = rdto;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}
}
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%
session.setMaxInactiveInterval(5);
int timeout = session.getMaxInactiveInterval();
response.setHeader("Refresh", timeout + "; URL = logout.jsp");%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
if (u == null ){
String path = request.getContextPath();
%>
<script>
window.location.href='<%=path%>/expireLink.action';
</script>
<%}
out.print("Welcome "+u);
out.println("<input type='button' value='log out' onClick=\"javascript:location.href = 'logoutLink.action'\"/>");%>
</body>
</html>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", null);%>
Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>
Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
Mar 11 '14 #6
