On logout disable the back button and expire session

  • vinodsk101
    New Member
    • Oct 2008
    • 9

    Hi all,
    I am developing a web application. I am using Servlet and JSP. After logout the user should not be able to see the previous pages and the page should navigate to loginpage.jsp.
    I have used the following code:
    Code:
    <%
    session.invalidate();
    response.setHeader("Cache-Control","no-cache"); 
    response.setHeader("Cache-Control","no-store"); 
    response.setDateHeader("Expires", 0); 
    response.sendRedirect("home.jsp");
    %>
    and
    Code:
    <meta http-equiv="cache-control" content="max-age=0, must-revalidate, no-cache, no-store, private">
    <meta http-equiv="expires" content="-1">
    <meta http-equiv="pragma" content="no-cache">
    The problem is:
    Once the user clicks on the logout hyperlink, the page is forwarded to loginpage.jsp, and
    after clicking the back button the session expired message comes up, but if the user clicks
    the back button again and again, the user is able to see the page before the previous page, which I don't want.

    Solution for:
    If the user clicks on the logout hyperlink, all previously browsed pages or history should be
    cleared and the page should redirect to Loginpage.jsp.
    Please help me,
    Thanks in advance.
    Last edited by Nepomuk; Feb 16 '09, 09:45 AM. Reason: Please use [CODE] tags
  • chaarmann
    Recognized Expert Contributor
    • Nov 2007
    • 785

    #2
    Use a frameset.
    The outer frame is invisible and holds the inner frame.
    So all browsing is done in the inner frame, which shows your application page. When logging out, the inner frame just makes a JavaScript command to reload the outer frame with url-parameter=login.

    So for example if a user comes from google page to your application page, he will be able to move forward and backward, because it all happens inside the inner frame. But if he logs out, the inner frame is destroyed, so if he presses back button, he comes back to google page, and go forward is not possible anymore.

    Comment

    • umbr
      New Member
      • Feb 2009
      • 9

      #3
      Hi vinodsk101.
      You need to prevent pages from being cached by the browser. Put "no cache" statements in all pages/servlets.

      Comment
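
Added example (not part of any post in this thread): one way to put the no-cache headers on every page is a servlet filter mapped to `/*`, which also sends any request without a logged-in session to the login page, so a back-button request after logout is re-checked on the server instead of being served from the browser cache. The class name and the `/login` and `/logout` paths are assumptions; `loginpage.jsp` and the `user` session attribute are taken from the thread.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter; register it in web.xml with <url-pattern>/*</url-pattern>.
public class NoCacheAuthFilter implements Filter {

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Set the headers before any output is written, and as one
        // Cache-Control value: a second setHeader() call for the same
        // header name replaces the first instead of adding to it.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        res.setDateHeader("Expires", 0);

        String loginPage = req.getContextPath() + "/loginpage.jsp";
        String path = req.getRequestURI().substring(req.getContextPath().length());

        // getSession(false) never creates a session for an anonymous request.
        HttpSession session = req.getSession(false);

        if (path.equals("/logout")) {           // assumed logout URL
            if (session != null) {
                session.invalidate();           // drop the whole session server-side
            }
            res.sendRedirect(loginPage);
            return;
        }

        boolean isPublic = path.equals("/loginpage.jsp") || path.equals("/login");
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        if (!loggedIn && !isPublic) {
            // With no-store in effect the browser has to re-request the page
            // when the user presses Back, and that request ends up here.
            res.sendRedirect(loginPage);
            return;                             // do not run the protected page
        }
        chain.doFilter(req, res);
    }
}
```

Static resources the login page needs (stylesheets, images) must be added to the public paths or excluded from the filter mapping.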

      • naveen vodapall
        New Member
        • Mar 2014
        • 3

        #4
        Code:
        --------------------------------index.jsp starts-------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <title>My JSP 'index.jsp' starting page</title>
            </head>
            <body>
            <%request.getSession().setAttribute("user", "Naveen Kumar Vodapally");%>
            <br>
            <input type='button' value='login' onClick="javascript:location.href = 'MyJsp.jsp'"/>
            </body>
            </html>
            -------------------------------MyJsp.jsp starts------------------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <title>My JSP 'MyJsp.jsp' starting page</title>
            <%// One Cache-Control header carrying both directives; a second setHeader call would replace the first.
            response.setHeader("Cache-Control", "no-cache, no-store");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);%>
            </head>
            <body>
            <%String u = (String) request.getSession().getAttribute("user");
            if (u != null ) {
            System.out.println("user != null");
            out.print("Welcome "+u);
            }else{
            System.out.println("user == null");
            response.sendRedirect("logout.jsp");
            }%>
            This is my JSP page. <br>
            <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
            </body>
            </html>
            --------------------------------logout.jsp starts----------------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <title>My JSP 'logout.jsp' starting page</title>
            </head>
            <body>
            <%request.getSession().setAttribute("user", null);%>
            Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
            </body>
            </html>
        Last edited by Rabbit; Mar 3 '14, 04:47 PM. Reason: Please use [code] and [/code] tags when posting code or formatted data.

        Comment

        • naveen vodapall
          New Member
          • Mar 2014
          • 3

          #5
          POST REDIRECT AND GET (PRG) APPROACH

          Code:
          --------------index.jsp starts ----------------------
          <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
          <html>
            <head>
              <title>My JSP 'index.jsp' starting page</title>
            </head>
            
            <body>
            	<br>
          	<form action="MyJsp.jsp" method='post'>
          		<input type='text' name='user' value='naveen'/>
          		<input type='submit' name='login' value='Login'/>
          	</form>
            </body>
          </html>
          
          -----------------------MyJsp.jsp starts -----------------
          <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
          <html>
            <head>
              <title>My JSP 'MyJsp.jsp' starting page</title>
            </head>
            <body>
            <%request.getSession().setAttribute("user", request.getParameter("user"));%>
            <%String u = (String) request.getSession().getAttribute("user");
          	if (u != null ) {
          		response.sendRedirect("success.jsp");
          	}%>
            </body>
          </html>
          
          -----------------------success.jsp starts -----------------
          <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
              pageEncoding="ISO-8859-1"%>
          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
          <html>
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
          <title>Insert title here</title>
          <%// One Cache-Control header carrying both directives; a second setHeader call would replace the first.
          	response.setHeader("Cache-Control", "no-cache, no-store");
          	response.setHeader("Pragma", "no-cache");
          	response.setDateHeader("Expires", 0);
          	int timeout = session.getMaxInactiveInterval();
          	response.setHeader("Refresh", timeout + "; URL = expire.jsp");%>
          </head>
          <body>
          <%String u = (String) request.getSession().getAttribute("user");
          	if (u != null ) {
          		out.print("Welcome "+u);
          	}else{
          		response.sendRedirect("expire.jsp");
          	}%>
          
          <input type='button' value='log out' onClick="javascript:location.href = 'logout.jsp'"/>
          </body>
          </html>
          
          ------------------------logout.jsp starts-----------------
          <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
          <html>
            <head>
              <title>My JSP 'logout.jsp' starting page</title>
            </head>
            <body>
            <%request.getSession().setAttribute("user", null);%>
              Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
            </body>
          </html>
          
          -----------------------expire.jsp starts------------------
          <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
          <%
          String path = request.getContextPath();
          String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
          %>
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
          <html>
            <head>
              <base href="<%=basePath%>">
              
              <title>My JSP 'expire.jsp' starting page</title>
              
          	<meta http-equiv="pragma" content="no-cache">
          	<meta http-equiv="cache-control" content="no-cache">
          	<meta http-equiv="expires" content="0">    
          	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
          	<meta http-equiv="description" content="This is my page">
          	<!--
          	<link rel="stylesheet" type="text/css" href="styles.css">
          	-->
          
            </head>
            
            <body>
              Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
            </body>
          </html>
          
          ---------------------The End -------------
          Last edited by Rabbit; Mar 6 '14, 04:35 PM. Reason: Please use [code] and [/code] tags when posting code or formatted data. Second warning.

          Comment

          • naveen vodapall
            New Member
            • Mar 2014
            • 3

            #6
            --------------------------index.jsp starts-------------------
            <META HTTP-EQUIV="Refresh" CONTENT="0;URL= welcomeLink.action">

            ----------------------baseLayout.jsp starts-----------
            <%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
            "http://www.w3.org/TR/html4/loose.dtd">



            <table border="1" align="center" width="400px;">
            <tr>
            <td height="30" colspan="2">
            <tiles:insertAttribute name="myHeader" />
            </td>
            </tr>
            <tr>
            <td>
            <tiles:insertAttribute name="myBody" />
            </td>
            </tr>
            <tr>
            <td>
            <tiles:insertAttribute name="myFooter" />
            </td>
            </tr>
            </table>
            --------------------head.jsp starts------------
            <%@ taglib prefix="s" uri="/struts-tags" %>
            <center>
            <h4> Header </h4>
            ----------------------body.jsp starts ------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <title>My JSP 'index.jsp' starting page</title>
            </head>

            <body>
            <br>
            <form action="loginLink.action" method='post'>
            <input type='text' name='user' value='naveen'/>
            <input type='submit' name='login' value='Login'/>
            </form>
            </body>
            </html>
            ---------------------struts.xml starts ----------------
            <?xml version="1.0" encoding="UTF-8"?>

            <!DOCTYPE struts PUBLIC
            "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
            "http://struts.apache.org/dtds/struts-2.0.dtd">

            <struts>
            <package name="default" extends="struts-default">

            <result-types>
            <result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
            </result-types>

            <action name="*Link" method="{1}" class="java4s.LogingEx">
            <result name="welcome" type="tiles">welcome</result>
            <result name="editBusiness" type="tiles">editBusiness</result>
            <result name="success" type="tiles">success</result>
            <result name="expire" type="tiles">expire</result>
            <result name="logout" type="tiles">logout</result>
            </action>

            </package>
            </struts>
            -------------------------tiles.xml starts -----------
            <?xml version="1.0" encoding="UTF-8" ?>

            <!DOCTYPE tiles-definitions PUBLIC
            "-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
            "http://tiles.apache.org/dtds/tiles-config_2_0.dtd" >

            <tiles-definitions>

            <definition name="welcome" template="/baseLayout.jsp" >
            <put-attribute name="myHeader" value="/head.jsp"/>
            <put-attribute name="myBody" value="/body.jsp"/>
            <put-attribute name="myFooter" value="/footer.jsp"/>
            </definition>
            <definition name="editBusiness" extends="welcome">
            <put-attribute name="myBody" value="/editBusiness.jsp"/>
            </definition>
            <definition name="success" extends="welcome">
            <put-attribute name="myBody" value="/success.jsp"/>
            </definition>
            <definition name="logout" extends="welcome">
            <put-attribute name="myBody" value="/logout.jsp"/>
            </definition>
            <definition name="expire" extends="welcome">
            <put-attribute name="myBody" value="/expire.jsp"/>
            </definition>

            </tiles-definitions>
            -----------------------LogingEx.java starts --------------
            package java4s;
            import javax.servlet.http.HttpServletRequest;
            import javax.servlet.http.HttpServletResponse;

            import org.apache.struts2.ServletActionContext;

            import com.opensymphony.xwork2.ActionSupport;

            public class LogingEx extends ActionSupport {

            private static final long serialVersionUID = -2613425890762568273L;

            private String user;
            private String rdto;

            public String welcome()
            {
            LOG.info("inside welcome()");
            return "welcome";
            }
            public String login() throws Exception{
            LOG.info("start login()");

            if(user != null){
            HttpServletRequest request = ServletActionContext.getRequest();
            request.getSession().setAttribute("user", user);
            HttpServletResponse response = ServletActionContext.getResponse();
            response.sendRedirect("successLink.action");
            }
            LOG.info("end login()");
            return null;
            }
            public String success(){
            LOG.info("start success()");
            HttpServletResponse response = ServletActionContext.getResponse();
            // One Cache-Control header carrying both directives; a second setHeader call would replace the first.
            response.setHeader("Cache-Control", "no-cache, no-store");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);
            setRdto("rdto1");
            LOG.info("end success()");
            return "success";
            }
            public String logout(){
            return "logout";
            }
            public String expire(){
            return "expire";
            }
            public String getRdto() {
            return rdto;
            }

            public void setRdto(String rdto) {
            this.rdto = rdto;
            }

            public String getUser() {
            return user;
            }

            public void setUser(String user) {
            this.user = user;
            }
            }
            -----------------------success.jsp starts---------------
            <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
            pageEncoding="ISO-8859-1"%>
            <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
            <html>
            <head>
            <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
            <title>Insert title here</title>
            <%
            session.setMaxInactiveInterval(5);
            int timeout = session.getMaxInactiveInterval();
            response.setHeader("Refresh", timeout + "; URL = logout.jsp");%>
            </head>
            <body>
            <%String u = (String) request.getSession().getAttribute("user");
            if (u == null ){
            String path = request.getContextPath();
            %>
            <script>
            window.location.href='<%=path%>/expireLink.action';
            </script>
            <%}
            out.print("Welcome "+u);
            out.println("<input type='button' value='log out' onClick=\"javascript:location.href = 'logoutLink.action'\"/>");%>
            </body>
            </html>
            ------------------------logout.jsp starts ----------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <title>My JSP 'logout.jsp' starting page</title>
            </head>
            <body>
            <%request.getSession().setAttribute("user", null);%>
            Logged out successfully. Click <a href='index.jsp'>here</a> to login again.<br>
            </body>
            </html>
            -----------------expire.jsp starts--------------
            <%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
            <%
            String path = request.getContextPath();
            String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
            %>

            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <base href="<%=basePath%>">

            <title>My JSP 'expire.jsp' starting page</title>

            <meta http-equiv="pragma" content="no-cache">
            <meta http-equiv="cache-control" content="no-cache">
            <meta http-equiv="expires" content="0">
            <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
            <meta http-equiv="description" content="This is my page">
            <!--
            <link rel="stylesheet" type="text/css" href="styles.css">
            -->

            </head>

            <body>
            Your session has expired. Click <a href='index.jsp'>here</a> to login again.<br>
            </body>
            </html>

            Comment
