dcsimg
How to deal with Browser's back link
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Karan_Malhotra
Posted On:   Saturday, July 13, 2002 12:37 AM

How can I prevent a user to go back on the privious page after logout.I am using with sesion invalidate in my jsp.I want that when user clicks Browser's back link after logout,he should not able to reach the previous page instead redirect him to login screen.

Re: How to deal with Browser's back link

Posted By:   Animesh_Srivastava  
Posted On:   Tuesday, July 16, 2002 10:58 AM

Hi Karan,


There is an almost standard accepted way of acheiving this. When the user successfully logins into the site, set a Session variable (say variable IsUserLoggedIn) to true.


session.setAttribute("IsUserLogged","true")



When the user logs-out set it to false. Now on the top of each of your jsp, just check wether the variable is true or not. If it is false simply do a response.sendRedirect() to the login page. Also, do remember to set caching off. The way to do this would be -


response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", 0);


This would ensure that the browser does not caches your page.


Using a session variable is advisable because it allows you to handle session timeouts and logouts uniformly on all jsp pages, because some browsers (for ex. IE) offer a drop down of the recently visited urls. So even if the user chooses one such url from the IE address bar drop-down, he wont be able to accesss any of the intermediate pages.


Hope that helps.

Animesh.

About | Sitemap | Contact