I have a situation- after I logout from a page if Someone click "Go Back" Button in a browser it automatic goes into back page again. In Logout.java (Servlet) I use:
session.invalidate();
request.getRequestDispatcher("index.jsp").forward(request,response);
all is working fine. But after logout if I click Go Back button(Upper Left Corner) in Browser it back where I was. I want to do if I click go back then it must be said Your session is Expiered or Login or something else. How to do it. Please give your valuable suggestion.
I just read about this & I create a servlet FilterURL.java:
public class FilterURL extends HttpServlet implements Filter {
@Override
public void init(FilterConfig config) throws ServletException {
//
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse hsr = (HttpServletResponse) res;
hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
hsr.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(req, res);
}
@Override
public void destroy() {
//
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//
}
}
And my web.xml:(under web-app)
<filter>
<filter-name>FilterURL</filter-name>
<filter-class>com.filter.url.sys.FilterURL</filter-class>
</filter>
<filter-mapping>
<filter-name>FilterURL</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
But it wont working. What am i mistake??
I read it from this pages:
- How to use a servlet filter in Java to change an incoming servlet request url?
- Prevent user from seeing previously visited secured page after logout
- http://tutorials.jenkov.com/java-servlets/servlet-filters.html
- servlet session , after logout , when back button of browser is pressed , again the secure page is shown
Its done by this:
Add this in
<head>
section of each page it will prevent this problem.