0

I am setting and getting the session attributes on login page, when i logout the page and press the back button it goes to home page again.

Here is my code,

::::::::::::::::::::::::::**sessionaction.jsp**:::::::::::::::::::::::::::::::::::::: <%@page import="java.util.*" %> <% String str = request.getParameter("UserName"); session.setAttribute("sessUserName", request.getParameter("Password")); %> <% if (session.getAttribute("sessUserName").equals("")) { response.sendRedirect("login.jsp"); %> <% } else { response.sendRedirect("home.jsp"); } %> ::::::::::::::::::::::::::**logout.jsp**:::::::::::::::::::::::::::::::::::::: <%@page import="java.util.*" %> <% //session.invalidate(); session.removeAttribute("sessUserName"); %> You have logged out. Please <a href="login.jsp"><b>Login</b></a>

Kindly guide me.

Improve this question

3 Answers 3

Reset to default
2

Try:

if (session.getAttribute("sessUserName") == null)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Set Cache Headers

response.setHeader("Cache-Control","private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0");

Also

if needed meta tags for Cache-Control

Improve this answer

Comments

1

Root cause, I believe, is already suggested by user sje397(accept his answer), I am only elaborating here. Reason is that your session invalidation is not in sync with the code in your login.jsp.

You are removing the attribute from session which means the below code 

if(session.getAttribute("sessUserName").equals(""))

should be changed to 

if(session.getAttribute("sessUserName")==null)

Others: The back button might just be displaying the home page from its local cache. Try disabling the cache and see if it works.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.