[英]view the login page when user click back button after logout in struts
I am doing my project in struts2 and i have created the login pages and logout pages successfully in my project. 我正在struts2中进行项目,并且已经在项目中成功创建了登录页面和注销页面。 But when a user logout and he clicks the back button on the browser user can view the logged in page.
但是,当用户注销并单击浏览器上的“后退”按钮时,用户可以查看已登录的页面。 How can i avoid that?
我如何避免这种情况?
Here is my html of login page 这是我的登录页面的HTML
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags" %>
<% /*
<s:if test="#session.Salesman.username != ''" >
<script type="text/javascript" >
top.location.href = "salesmanHome" ;
</script>
</s:if>
<s:else>
*/%>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Cache-control" content="no-cache">
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body>
<div class="drDirectHomeWrapper">
<div id="wrapper" class="drSalesBottomSection innerBotSec">
<div class="drLoginWrapper overview">
<div class="drLoginCont">
<div class="drLoginHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<form action="salesManLogin" method="post">
<div class="drLoginField">
<s:if test="hasActionErrors()">
<div class="loginErrorHolder">
<s:actionerror />
</div>
</s:if>
<input type="hidden" name="urlPath" value="<%=request.getServletPath()%>" />
<div class="drLoginNameHolder queryInput">
<label for="userName">User Name</label>
<%--<s:textfield id="userName" theme="simple" name="userName"/>--%>
<input type="text" id="userName" name="userName" autocomplete="off"/>
</div>
<div class="drLoginNameHolder queryInput">
<label for="password">Password</label>
<%-- <s:password theme="simple" name="password" id="password"/> --%>
<input type="password" name="password" id="password" autocomplete="off"/>
</div>
<!-- <input type="submit" class="btnHomeLogIn" value="Login" /> -->
<button type="submit" class="btnHomeLogIn" >Login</button>
<div class="clear"></div>
<p class="homeLoginPassword">
<a href="gotoForgotPassword.action">Lost Your Password?</a>
</p>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
and here is my login Success page 这是我的登录成功页面
<%@taglib prefix="s" uri="/struts-tags" %>
<s:include value="/WEB-INF/salesMan/salesManheader.jsp"/>
<%@page import= "com.myDrDirect.common.MyBase64"%>
<div id="container">
<!--Header-->
<div id="pageHeader">
<s:a action="gotosalesManLogout" >Logout</s:a>
<a href="/" title="DrDirect"><img src="images/pageLogo.png" width="166" height="36" alt="DrDirect" /></a>
</div>
<s:include value="/WEB-INF/salesMan/salesManLeftMenu.jsp" />
<!--Right Col-->
<%
Integer docid = null;
String did = null;
try {
//docid =0;
did = "0";
MyBase64 Base64 = new MyBase64();
byte[] bytedocid = did.getBytes();
did = Base64.encode(bytedocid);
} catch (Exception e) {
e.printStackTrace();
}
%>
<%-- <div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="drHomeSignUpWrapper">
<div class="drHomeSignUpCont">
<div class="drHomeSignUpHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<a class="btnDrSignUp" title="Presentation">Presentation</a>
<a href="gotosalesManDoctorhome" id="template" class="btnDrSignUp" title="Templates">Templates</a>
<s:form action="" method="post" name="signUpformDoctor" >
<s:hidden name="ID" value="" id="doctorID"/>
<a href="javascript:void(0);" onclick="redirectpagesignUpformDoctor('<%=did%>');" class="btnDrSignUp" title="Sign Up Doctor">Sign Up Doctor</a>
</s:form>
</div>
</div>
</div>
</div>--%>
<!--End Right Col-->
<div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="rightWrapper removeClass">
<iframe src="salesManhomePage" height="100%" width="100%" id="frameCont" frameborder="0" scrolling="no" name="iframeCenter" allowtransparency="yes"></iframe>
<!-- <div class="bgLeftShadow removeClass"></div>-->
<div class="bgRightShadow removeClass"></div>
</div>
<div class="bgRightWrapBot removeClass"><div class="bgBotRight"><div></div></div></div>
</div>
<%--<s:include value="/WEB-INF/salesMan/salesmanDoctorsList.jsp" />
<s:include value="/WEB-INF/salesMan/salesmanIframe.jsp" />--%>
<s:include value="/WEB-INF/salesMan/salesManFooter.jsp" />
and my salesManHeader.jsp is 而我的salesManHeader.jsp是
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0"/>
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect - Template</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<script type="text/javascript">contactScroll="yes";</script>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body style="min-width: 1024px;">
Please check. 请检查。 Is include page will cause a problem here.
是包含页面会在这里引起问题。
Well what @Jordan Arsenault has already said in the comment is fully applicable to your question.This is an issue related to the browser cache and if you have already invalidated the session, so clicking the link will not let user to do anything till he/she log-in to the system @Jordan Arsenault在评论中所说的内容完全适用于您的问题。这是与浏览器缓存有关的问题,如果您已经使会话无效,那么单击链接将不允许用户执行任何操作,直到他/她登录系统
Some of the other work you can do is set HTTP header either in your logout Action class or can create a custom Interceptor with following code something like 您可以做的其他一些工作是在注销Action类中设置HTTP标头,也可以使用以下代码创建自定义拦截器,例如
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
Additionaly you can add these headers to your JSP pages also, but its not 100% sure that server will respect your header untill you are browsing in secure mode (https). 另外,您也可以将这些标头添加到您的JSP页面中,但是不能百分百确定服务器会尊重您的标头,直到您以安全模式(https)进行浏览为止。
Read the following thread from mailing list for similar issue 从邮件列表中阅读以下主题以解决类似问题
Long time(better) solution : You should implement something like session
in your application.Also you may use struts interceptors to filter out any request that goes to server.So when user logs out, session will be destroyed. 长期(更好)的解决方案:您应该在应用程序中实现类似于
session
,也可以使用struts拦截器来过滤所有发送到服务器的请求,因此当用户注销时,session将被销毁。
Short time solution : 短时解决方案:
In your login page, paste this code in onload event: 在您的登录页面中,将此代码粘贴到onload事件中:
window.history.forward(1);
Update 更新
In your login page : 在您的登录页面中:
<body onload="window.history.forward(1);"> //// to disable back button
I assume that you have authorization control (with session) on your password protected area. 我假设您对密码保护区域具有授权控制(带有会话)。 Then you can simply add meta tag for no cahce in your head tags.
然后,您可以在head标签中添加没有标签的meta标签。
<meta http-equiv="Cache-control" content="no-cache">
Hope this works.. 希望这可以..
The content is probably just cached. 内容可能只是被缓存了。
If your application is not super data-heavy just add non-caching headers before any HTML output : 如果您的应用程序不是大量数据,则只需在任何HTML输出之前添加非缓存标头即可:
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
That'll be a quick fix. 那将是一个快速修复。
I have tried 我努力了
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
in my jsp page and 在我的jsp页面中
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
in my java page and 在我的java页面中
write script 写剧本
window.history.forward(1)
scrips in my pages but unfortunately any of these script do nothing on my 在我的页面中滑动,但是不幸的是,这些脚本中的任何一个都对我没有任何作用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.