how to code in Java for logout

My question is regarding coding in Java for logout part, I have a code in hand, it return to login page(index.html), but when I click IE "Back" botton it bring me to prevous page.  How can I adjust code such that once I click IE "back", IE redirects me to another page said session terminate or something. thanks for help, here is the logout.java code I have

package org.frb.ny.mg.icr.login;

import javax.servlet.*;
import javax.servlet.http.*;
/**
 * Insert the type's description here.
 */
public class LogOut extends HttpServlet {
/**
 * Process incoming HTTP GET requests
 *
 * @param request Object that encapsulates the request to the servlet
 * @param response Object that encapsulates the response from the servlet
 */
public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, java.io.IOException {
          
      HttpSession session = req.getSession(false);
      if (session != null) {
            session.removeAttribute("userId");
            session.removeAttribute("userPw");
            session.removeAttribute("url");
            session.invalidate();
      }
      
      res.sendRedirect("../index.html");
}
}
LVL 1
mijiaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

b3lzCommented:
session.close() ?
0
sudhakar_koundinyaCommented:
OK you can do one thing. If you are dealing all with servlets then below code works for you

package org.frb.ny.mg.icr.login;

import javax.servlet.*;
import javax.servlet.http.*;
/**
 * Insert the type's description here.
 */
public class MyServlet extends HttpServlet {
/**
 * Process incoming HTTP GET requests
 *
 * @param request Object that encapsulates the request to the servlet
 * @param response Object that encapsulates the response from the servlet
 */
public void doGet(HttpServletRequest req, HttpServletResponse res)
     throws ServletException, java.io.IOException {
         
     HttpSession session = req.getSession(false);
     if (session != null) {
          if(session.getAttribute("userId")==null)
           {
                    res.sendRedirect("../error.html");
            }
         
     }
     
   
}
}


and in error.html you shud display that user lnot logged in or something like similar message along with the link to index.html
0
sudhakar_koundinyaCommented:
if it is jsp

the the code is similar here also

<%
         if(session.getAttribute("userId")==null)
           {
                    res.sendRedirect("../error.html");
            }
%>
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

sudhakar_koundinyaCommented:
in the both servlet and jsps of else part you can do ur business logic or whatever it may be
0
b3lzCommented:
If you use that, use it for EVERY page, because otherwise pages browsed to by url's are still visible. A session that is closed will not be return pages in browsercache.
0
sudhakar_koundinyaCommented:
in fact the code should be something like this

_____________________________________

JSPs
______________________________________
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
response.setHeader("Cache-Control","no-store"); //HTTP 1.1
%>

<%
         if(session.getAttribute("userId")==null)
           {
                    res.sendRedirect("../error.html");
            }
%>












____________________________________________________

SERVLETS

_______________________________________________________


mport javax.servlet.*;
import javax.servlet.http.*;
/**
 * Insert the type's description here.
 */
public class MyServlet extends HttpServlet {
/**
 * Process incoming HTTP GET requests
 *
 * @param request Object that encapsulates the request to the servlet
 * @param response Object that encapsulates the response from the servlet
 */
public void doGet(HttpServletRequest req, HttpServletResponse res)
     throws ServletException, java.io.IOException {
 

res.setHeader("Cache-Control","no-cache"); //HTTP 1.1
res.setHeader("Pragma","no-cache"); //HTTP 1.0
res.setDateHeader ("Expires", 0); //prevents caching at the proxy server
res.setHeader("Cache-Control","no-store"); //HTTP 1.1
       
     HttpSession session = req.getSession(false);
     if (session != null) {
          if(session.getAttribute("userId")==null)
           {
                    res.sendRedirect("../error.html");
            }
         
     }
     
   
}
}
0
sudhakar_koundinyaCommented:
session.close??

Plz show me the method

http://www.spline.de/dokumentation/JAVA/j2ee/javax/servlet/http/HttpSession.html
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSession.html#method_summary

If session.close() exists also you can't say it prevents caching.

In fact, preventing cahching of browsers is work of response object not the session

Regards
Sudhakar

0
b3lzCommented:
That's true, i was totally wrong. Listen to sudhakar he knows his stuff better then i do :)
0
sudhakar_koundinyaCommented:
Or other than in login servlets or jsps in other jsps and servlets u shud do something like this


<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
response.setHeader("Cache-Control","no-store"); //HTTP 1.1
%>

<%
         if(session.isNew())
           {
                    res.sendRedirect("../error.html");
            }
%>

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sudhakar_koundinyaCommented:
Thanks for points.

May I ask why just 'B' ??
0
mijiaAuthor Commented:
Acctually, I made a mistake, instead of pointing to logout.java file, the links when I click for logout was pointing to login.jsp. that is way. I correct it. it works already. but your suggestion is good. thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.