session invalidate on logout
8681 Sep 12 2007 — edited Mar 28 2008
Hi All,
Using Jdev 10.1.3 and ADF Faces. App server deployed on app server 10.1.2
I have a logout link on every page which, when clicked, goes to a servlet, and there I have this code to invalidate the session and send the user to the login page.
Following is that servlet code:
    if (request.getParameter("id9") != null && request.getParameter("id9").equalsIgnoreCase("logout")) {
        FacesContext fc = FacesContext.getCurrentInstance();
        ExternalContext exct = fc.getExternalContext();
        ((HttpSession)exct.getSession(true)).invalidate();
        response.sendRedirect("uuy/login.jsp");
    }
User goes to login screen after clicking logout.
But then, if the user starts clicking the browser "Back" "Back" "Back" button, he is able to visit all those pages he had been to when he was in session. These pages are just viewable; if he tries to click any links on those expired pages, it gives a stack trace (at least it is good that he is not able to do any functionality).
But what I really want is that, once logged out, he should not be able to use the browser "Back" "Back" buttons and should not be able to see those pages he once visited.
Any idea?
thanks,
pp
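
The pages reached with "Back" after logout come from the browser's own cache, which invalidating the server-side session does not touch. One common way to handle this, as an added example that is not part of the original post: a servlet filter that marks every protected response as non-cacheable and re-checks the session on each request. The class name, the `authenticatedUser` session attribute and the `loginPath` init parameter are assumptions made for the illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class). Map it in web.xml to the URL pattern of
// the pages that need a logged-in user. The login page must be outside that
// mapping, otherwise the redirect below loops.
public class NoCacheAuthFilter implements Filter {
    // Assumption: the login code stores this attribute after authentication.
    private static final String USER_ATTR = "authenticatedUser";
    private String loginPath; // assumed init-param, e.g. /uuy/login.jsp

    public void init(FilterConfig cfg) throws ServletException {
        loginPath = cfg.getInitParameter("loginPath");
        if (loginPath == null) {
            throw new ServletException("init-param 'loginPath' is required");
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpServletResponse response = (HttpServletResponse) rs;

        // Keep the page out of browser and proxy caches, so "Back" has to
        // ask the server again instead of redisplaying a stored copy.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache"); // HTTP/1.0 caches
        response.setDateHeader("Expires", 0L);

        // getSession(false): never create a new session just to inspect it.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendRedirect(request.getContextPath() + loginPath);
            return; // nothing from the protected page is rendered
        }
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

The headers have to be set before any part of the response body is written, which is why the filter sets them ahead of `chain.doFilter`. Pages the browser cached before the filter was deployed stay in its cache until they expire or are cleared.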