473,326 Members | 2,023 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

On logout disable the back button and expire session

Hi all,
I am developing a web application. I am using Servlet and JSP. After logout the user should not able to see the previous pages and page should navigate to loginpage.jsp.
I have used following code :
Expand|Select|Wrap|Line Numbers
  1. <%
  2. session.invalidate();
  3. response.setHeader("Cache-Control","no-cache"); 
  4. response.setHeader("Cache-Control","no-store"); 
  5. response.setDateHeader("Expires", 0); 
  6. response.sendRedirect("home.jsp");
  7. %>
and
Expand|Select|Wrap|Line Numbers
  1. <meta http-equiv=[COLOR=red]"cache-control"[/COLOR] content=[COLOR=red]"max-age=0, must-revalidate, no-cache, no-store, private"[/COLOR]>
  2. <meta http-equiv=[COLOR=red]"expires"[/COLOR] content=[COLOR=red]"-1"[/COLOR]>
  3.  
  4. <meta http-equiv=[COLOR=red]"pragma"[/COLOR] content=[COLOR=red]"no-cache"[/COLOR]>
The problem is:
Once user click on logout hyper link the page is reforwarding to loginpage.jsp and
after clicking back button the session expire message is coming, but if user again and
again click on back button the user is able to see previous to previous page.which i dont want,

Solution for:
If user click on logout hyper link,all previous browsed pages or history should be
clear and page should redirect to Loginpage.jsp.
Please help me,
Thanks in advance.
Jan 25 '09 #1
5 53804
chaarmann
785 Expert 512MB
Use a frameset.
The outer frame is invisible and holds the inner frame.
So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a javascript command to reload the outer frame with url-parameter=login.

So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.
Jan 27 '09 #2
umbr
9
Hi vinodsk101.
You need to prevent pages from caching by browser. Put "no cache" statements in all pages/servlets.
Feb 13 '09 #3
Expand|Select|Wrap|Line Numbers
  1. --------------------------------index.jsp starts-------------
  2.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4.     <html>
  5.     <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.     </head>
  8.     <body>
  9.     <%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
  10.     <br>
  11.     <input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
  12.     </body>
  13.     </html>
  14.     -------------------------------MyJsp.jsp starts------------------------
  15.     <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  16.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  17.     <html>
  18.     <head>
  19.     <title>My JSP 'MyJsp.jsp' starting page</title>
  20.     <%response.setHeader("Cache-Control", "no-cache");
  21.     response.setHeader("Cache-Control", "no-store");
  22.     response.setHeader("Pragma", "no-cache");
  23.     response.setDateHeader("Expires", 0);%>
  24.     </head>
  25.     <body>
  26.     <%String u = (String) request.getSession().getAttribute("user");
  27.     if (u != null ) {
  28.     System.out.println("user != null");
  29.     out.print("Welcome "+u);
  30.     }else{
  31.     System.out.println("user == null");
  32.     response.sendRedirect("logout.jsp");
  33.     }%>
  34.     This is my JSP page. <br>
  35.     <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  36.     </body>
  37.     </html>
  38.     --------------------------------logout.jsp starts----------------------
  39.     <% @ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  40.     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  41.     <html>
  42.     <head>
  43.     <title>My JSP 'logout.jsp' starting page</title>
  44.     </head>
  45.     <body>
  46.     <%request.getSession().setAttribute("user", null);%>
  47.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  48.     </body>
  49.     </html>
Mar 3 '14 #4
POST REDIRECT AND GET (PRG) APPROACH

Expand|Select|Wrap|Line Numbers
  1. --------------index.jsp starts ----------------------
  2. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  3. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  4. <html>
  5.   <head>
  6.     <title>My JSP 'index.jsp' starting page</title>
  7.   </head>
  8.  
  9.   <body>
  10.       <br>
  11.     <form action="MyJsp.jsp" method='post'>
  12.         <input type='text' name='user' value='naveen'/>
  13.         <input type='submit' name='login' value='Login'/>
  14.     </form>
  15.   </body>
  16. </html>
  17.  
  18. -----------------------MyJsp.jsp starts -----------------
  19. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  20. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  21. <html>
  22.   <head>
  23.     <title>My JSP 'MyJsp.jsp' starting page</title>
  24.   </head>
  25.   <body>
  26.   <%request.getSession().setAttribute("user", request.getParameter("user"));%>
  27.   <%String u = (String) request.getSession().getAttribute("user");
  28.     if (u != null ) {
  29.         response.sendRedirect("success.jsp");
  30.     }%>
  31.   </body>
  32. </html>
  33.  
  34. -----------------------success.jsp starts -----------------
  35. <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  36.     pageEncoding="ISO-8859-1"%>
  37. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  38. <html>
  39. <head>
  40. <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  41. <title>Insert title here</title>
  42. <%response.setHeader("Cache-Control", "no-cache");
  43.     response.setHeader("Cache-Control", "no-store");
  44.     response.setHeader("Pragma", "no-cache");
  45.     response.setDateHeader("Expires", 0);
  46.     int timeout = session.getMaxInactiveInterval();
  47.     response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
  48. </head>
  49. <body>
  50. <%String u = (String) request.getSession().getAttribute("user");
  51.     if (u != null ) {
  52.         out.print("Welcome "+u);
  53.     }else{
  54.         response.sendRedirect("expire.jsp");
  55.     }%>
  56.  
  57. <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
  58. </body>
  59. </html>
  60.  
  61. ------------------------logout.jsp starts-----------------
  62. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  63. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  64. <html>
  65.   <head>
  66.     <title>My JSP 'logout.jsp' starting page</title>
  67.   </head>
  68.   <body>
  69.   <%request.getSession().setAttribute("user", null);%>
  70.     Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
  71.   </body>
  72. </html>
  73.  
  74. -----------------------expire.jsp starts------------------
  75. <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
  76. <%
  77. String path = request.getContextPath();
  78. String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
  79. %>
  80.  
  81. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  82. <html>
  83.   <head>
  84.     <base href="<%=basePath%>">
  85.  
  86.     <title>My JSP 'expire.jsp' starting page</title>
  87.  
  88.     <meta http-equiv="pragma" content="no-cache">
  89.     <meta http-equiv="cache-control" content="no-cache">
  90.     <meta http-equiv="expires" content="0">    
  91.     <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  92.     <meta http-equiv="description" content="This is my page">
  93.     <!--
  94.     <link rel="stylesheet" type="text/css" href="styles.css">
  95.     -->
  96.  
  97.   </head>
  98.  
  99.   <body>
  100.     Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
  101.   </body>
  102. </html>
  103.  
  104. ---------------------The End -------------
Mar 6 '14 #5
--------------------------index.jsp starts-------------------
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=welcomeLink.action">

----------------------baseLayout.jsp starts-----------
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">



<table border="1" align="center" width="400px;">
<tr>
<td height="30" colspan="2">
<tiles:insertAttribute name="myHeader" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myBody" />
</td>
</tr>
<tr>
<td>
<tiles:insertAttribute name="myFooter" />
</td>
</tr>
</table>
--------------------head.jsp starts------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<center>
<h4> Header </h4>
----------------------body.jsp starts ------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>

<body>
<br>
<form action="loginLink.action" method='post'>
<input type='text' name='user' value='naveen'/>
<input type='submit' name='login' value='Login'/>
</form>
</body>
</html>
---------------------struts.xml starts ----------------
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<package name="default" extends="struts-default">

<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>

<action name="*Link" method="{1}" class="java4s.LogingEx">
<result name="welcome" type="tiles">welcome</result>
<result name="editBusiness" type="tiles">editBusiness</result>
<result name="success" type="tiles">success</result>
<result name="expire" type="tiles">expire</result>
<result name="logout" type="tiles">logout</result>
</action>

</package>
</struts>
-------------------------tiles.xml starts -----------
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.org/dtds/tiles-config_2_0.dtd">

<tiles-definitions>

<definition name="welcome" template="/baseLayout.jsp">
<put-attribute name="myHeader" value="/head.jsp"/>
<put-attribute name="myBody" value="/body.jsp"/>
<put-attribute name="myFooter" value="/footer.jsp"/>
</definition>
<definition name="editBusiness" extends="welcome">
<put-attribute name="myBody" value="/editBusiness.jsp"/>
</definition>
<definition name="success" extends="welcome">
<put-attribute name="myBody" value="/success.jsp"/>
</definition>
<definition name="logout" extends="welcome">
<put-attribute name="myBody" value="/logout.jsp"/>
</definition>
<definition name="expire" extends="welcome">
<put-attribute name="myBody" value="/expire.jsp"/>
</definition>

</tiles-definitions>
-----------------------LogingEx.java starts --------------
package java4s;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;

public class LogingEx extends ActionSupport {

private static final long serialVersionUID = -2613425890762568273L;

private String user;
private String rdto;

public String welcome()
{
LOG.info("inside welcome()");
return "welcome";
}
public String login() throws Exception{
LOG.info("start login()");

if(user != null){
HttpServletRequest request = ServletActionContext.getRequest();
request.getSession().setAttribute("user", user);
HttpServletResponse response = ServletActionContext.getResponse();
response.sendRedirect("successLink.action");
}
LOG.info("end login()");
return null;
}
public String success(){
LOG.info("start success()");
HttpServletResponse response = ServletActionContext.getResponse();
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
setRdto("rdto1");
LOG.info("end success()");
return "success";
}
public String logout(){
return "logout";
}
public String expire(){
return "expire";
}
public String getRdto() {
return rdto;
}

public void setRdto(String rdto) {
this.rdto = rdto;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}
}
-----------------------success.jsp starts---------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
<%
session.setMaxInactiveInterval(5);
int timeout = session.getMaxInactiveInterval();
response.setHeader("Refresh", timeout + "; URL = logout.jsp");%>
</head>
<body>
<%String u = (String) request.getSession().getAttribute("user");
if (u == null ){
String path = request.getContextPath();
%>
<script>
window.location.href='<%=path%>/expireLink.action';
</script>
<%}
out.print("Welcome "+u);
out.println("<input type='button' value='log out' onClick=\"javascript:location.href = 'logoutLink.action'\"/>");%>
</body>
</html>
------------------------logout.jsp starts ----------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'logout.jsp' starting page</title>
</head>
<body>
<%request.getSession().setAttribute("user", null);%>
Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
-----------------expire.jsp starts--------------
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPor t()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'expire.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>
Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
</body>
</html>
Mar 11 '14 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

6
by: Jeff | last post by:
I've searched the web for hours trying to figure out this problem and can't seem to find any pertinent answers. I have a website where the user starts on a login page, puts in their credentials and...
2
by: Dmitri Shvetsov | last post by:
Hi All, Is it possible to disable the backspace button in browser? I wrote a login page, then after login I can allow the user to work in the session. I don't want to allow the user to return...
1
by: va | last post by:
I am using the forms authentication. After clicking on the logout button, I navigate to the default page. But I noticed the user can hit the back button and go back to the previous page nd...
25
by: crescent_au | last post by:
Hi all, I've written a login/logout code. It does what it's supposed to do but the problem is when I logout and press browser's back button (in Firefox), I get to the last login page. In IE,...
12
kamill
by: kamill | last post by:
I have done a logout page for logout from admin section and provides a link to logout from admin section.Whenever i clicked on logout link it redirected to index.php of admin section......BUT when i...
3
by: roshni86 | last post by:
I have the following code for a logout of an account in php.However it is not working,as when i press the "back" button,the page returns to the previous page where a user had signed and viewed. ...
1
by: shrik | last post by:
hi everybody. I have following problem. There are two pages. index.jsp and main.jsp in my application Index.jsp contains logging interface in . It submits password and userid to loginform bean. ...
3
by: romeo971987 | last post by:
disable back button..... page should no do postback... i used history.go, history.back, session.abandon...and many more...but still previous page shows.... help me to expire the previous page.......
4
by: shahidrasul | last post by:
hi in my project when i click on logout anchor it goes to logout page and my code in logout page is if (Session != null) { Session = null; Session.Abandon(); ...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.