[英]After logout when I click back button in browser still the page accessible while refreshing it works fine
I am having a web page in jsp
and servlet
我在jsp
和servlet
有一个网页
I am login the page and it is redirected into the homepage.jsp
我登录页面,它被重定向到homepage.jsp
In login I am setting session variables as follows in my servlet login.java
as follows: 在登录时,我在我的servlet login.java
设置会话变量,如下所示:
HttpSession ss = rq.getSession(true);
ss.setAttribute("uid", rstusrdetail.getInt(1));
ss.setAttribute("username", rstusrdetail.getString(2));
I have a logout button as well and my logout.java as follows: 我有一个注销按钮和我的logout.java如下:
try {
HttpSession ss = rq.getSession(false);
if (ss.getAttribute("uid") == null || ss.getAttribute("username") == null ) {
rs.sendRedirect("/");
}
rs.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
rs.addHeader("Cache-Control", "post-check=0, pre-check=0");
rs.setHeader("Pragma", "no-cache");
rs.setDateHeader("Expires", 0);
HttpSession session = rq.getSession(false);
session.setAttribute("uid", null);
session.setAttribute("username", null);
session.invalidate();
rs.sendRedirect("/");
} catch (Exception exp) {
RequestDispatcher dd = rq.getRequestDispatcher("/");
dd.forward(rq, rs);
}
After logout when I click the back button it is redirected to the homepage.jsp 注销后,当我单击后退按钮时,它会被重定向到homepage.jsp
If I refresh then I am getting session expire message . 如果我刷新然后我得到会话过期消息。 If I directly access the page also I am getting session expire message. 如果我直接访问该页面,我也会收到会话过期消息。
How can I get on clicking back button to get session expire with out refreshing or is there any ways to disable back button in browser? 如何点击后退按钮以使会话过期而不刷新,或者有没有办法在浏览器中禁用后退按钮?
Added the following code on top of each pages which needs login: 在需要登录的每个页面上添加以下代码:
HttpServletResponse httpResponse = (HttpServletResponse)response;
httpResponse.setHeader("Cache-Control","no-cache, no-store, must-revalidate");
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
httpResponse.setHeader("Pragma","no-cache");
httpResponse.setDateHeader ("Expires", 0);
if (session.getAttribute("uid") == null || session.getAttribute("username") == null ) {
response.sendRedirect("/invalidSession.jsp");
return;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.