This content has been marked as final. Show 2 replies
Typically you would configure a filter that sends the user to the login page if they are not logged in (or have been logged out) .
So when the user logs in, add their user name to the session as an attribute. When they log out remove the userName attribute from the session.
Then all the filter does is check if userName attribute is set. If it is not set it redirects to the login page.
Coming to your code you have requested the browser not to cache the logout page but the previous pages are cached so when u hit the previous button on the browser it will display the previous page which is cached. you have to write this
in every jsp page if none of the jsp page should be cached. if you are making a fresh request for the previous jsp page after logging out still it displays the page with no personal content, I mean the stuff that you are retrieving from the session. it is because you have destroyed the session by linvalidating it. The other content which does not relate to session will still be displayed.
If none of the page should be displayed after logging out even though you request use filters to divert all the requests to a login page if they are not logged in. hope this helps.
Edited by: EJP on 7/02/2013 09:13: cashed -> cached