You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Srinivas Jadcharla <jd...@gmail.com> on 2005/11/15 15:55:51 UTC

logout/Back Button problem

Hi There,

I have a problem logging out my Struts Based Web Application.Here iam giving
the code in Logout Action..

request.getSession().removeAttribute("ssn");
request.getSession().removeAttribute("pin");
request.getSession().removeAttribute("parentrole");
request.getSession().invalidate();
response.sendRedirect("/login.jsp");

Once it invalidates the Session iam redirecting the user to login page where
he/she needs to sign in again.But problem is when user clicks back button in
the browser its taking me to secured pages which i dont want.Iam using the
following code in my secured pages but no use.

<%

response.setHeader("pragma", "no-cache");

response.setHeader("Cache-Control", "no-cache");

response.setDateHeader("Expires", -1);

%>

Iam not understanding where exactly iam doing the mistake.Some one please
help me to sort it out.
Thanks In Advance

Srinivas
732-648-9421(Cell)

Re: logout/Back Button problem

Posted by Srinivas Jadcharla <jd...@gmail.com>.

Thanks michael

On 11/15/05, Michael Jouravlev <jm...@gmail.com> wrote:
>
> Firefox? Add "no-store":
>
> response.setHeader("Cache-Control", "no-cache, no-store");
>
> On the other hand, SSL + "no-cache" should work for Firefox as well,
> hmm...
>
> On 11/15/05, Srinivas Jadcharla <jd...@gmail.com> wrote:
> > Hi There,
> >
> > I have a problem logging out my Struts Based Web Application.Here iam
> giving
> > the code in Logout Action..
> >
> > request.getSession().removeAttribute("ssn");
> > request.getSession().removeAttribute("pin");
> > request.getSession().removeAttribute("parentrole");
> > request.getSession().invalidate();
> > response.sendRedirect("/login.jsp");
> >
> > Once it invalidates the Session iam redirecting the user to login page
> where
> > he/she needs to sign in again.But problem is when user clicks back
> button in
> > the browser its taking me to secured pages which i dont want.Iam using
> the
> > following code in my secured pages but no use.
> >
> > <%
> >
> > response.setHeader("pragma", "no-cache");
> >
> > response.setHeader("Cache-Control", "no-cache");
> >
> > response.setDateHeader("Expires", -1);
> >
> > %>
> >
> > Iam not understanding where exactly iam doing the mistake.Some one
> please
> > help me to sort it out.
> > Thanks In Advance
> >
> > Srinivas
> > 732-648-9421(Cell)
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


--
Thanks & Regards

Srinivas
732-648-9421(Cell)

RE: logout/Back Button problem

Posted by "R.Vijayaraghavan" <rv...@cdacnoida.in>.

> -----Original Message-----
> From: Michael Jouravlev [mailto:jmikus@gmail.com]
> Sent: Tuesday, November 15, 2005 9:18 PM
> To: Struts Users Mailing List
> Subject: Re: logout/Back Button problem
> 
> 
> Firefox? Add "no-store":

This does not work in IE. Any other thing which can be tried?

regards,
vijay.

> 
> response.setHeader("Cache-Control", "no-cache, no-store");
> 
> On the other hand, SSL + "no-cache" should work for Firefox as 
> well, hmm...
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: logout/Back Button problem

Posted by Michael Jouravlev <jm...@gmail.com>.

Firefox? Add "no-store":

response.setHeader("Cache-Control", "no-cache, no-store");

On the other hand, SSL + "no-cache" should work for Firefox as well, hmm...

On 11/15/05, Srinivas Jadcharla <jd...@gmail.com> wrote:
> Hi There,
>
> I have a problem logging out my Struts Based Web Application.Here iam giving
> the code in Logout Action..
>
> request.getSession().removeAttribute("ssn");
> request.getSession().removeAttribute("pin");
> request.getSession().removeAttribute("parentrole");
> request.getSession().invalidate();
> response.sendRedirect("/login.jsp");
>
> Once it invalidates the Session iam redirecting the user to login page where
> he/she needs to sign in again.But problem is when user clicks back button in
> the browser its taking me to secured pages which i dont want.Iam using the
> following code in my secured pages but no use.
>
> <%
>
> response.setHeader("pragma", "no-cache");
>
> response.setHeader("Cache-Control", "no-cache");
>
> response.setDateHeader("Expires", -1);
>
> %>
>
> Iam not understanding where exactly iam doing the mistake.Some one please
> help me to sort it out.
> Thanks In Advance
>
> Srinivas
> 732-648-9421(Cell)
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org