Problem in page access after logout
When the user logs out of the app and if user clicks on back button he will be able to view the recently visited page and do all the operations again, how to handle this in Java?
You need to disable caching for your pages. You can do that by doing something like this:
response.setHeader("Cache-Control", "no-cache");
Read here for more details.
First thing first,
- Store the user info in the session upon log in
- Remove that info upon logout. You should also take a look at SessionListener, in the case of time based logouts
- Every request from the user must go through a filter which checks the information stored in the session at log in time, if found give a go, otherwise redirect to login page.
Caveat: Back button will still work with GET requests. For that consider kgiannakakis's suggestion.
Best of luck.