
Problem in page access after logout

When the user logs out of the app and then clicks the back button, he is still able to view the recently visited page and do all the operations again. How can this be handled in Java?


You need to disable caching for your pages. You can do that by doing something like this:

response.setHeader("Cache-Control", "no-cache");

Read here for more details.


First things first:

  • Store the user info in the session upon login.
  • Remove that info upon logout. You should also take a look at SessionListener, in the case of time-based logouts.
  • Every request from the user must go through a filter which checks the information stored in the session at login time; if found, give a go, otherwise redirect to the login page.

Caveat: Back button will still work with GET requests. For that consider kgiannakakis's suggestion.

Best of luck.
