I am doing my project in Struts2 and I have created the login and logout pages successfully. But when a user logs out and then clicks the back button in the browser, the user can still view the logged-in page. How can I avoid that?
Here is my html of login page
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags" %>
<% /*
<s:if test="#session.Salesman.username != ''" >
<script type="text/javascript" >
top.location.href = "salesmanHome" ;
</script>
</s:if>
<s:else>
*/%>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Cache-control" content="no-cache">
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body>
<div class="drDirectHomeWrapper">
<div id="wrapper" class="drSalesBottomSection innerBotSec">
<div class="drLoginWrapper overview">
<div class="drLoginCont">
<div class="drLoginHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<form action="salesManLogin" method="post">
<div class="drLoginField">
<s:if test="hasActionErrors()">
<div class="loginErrorHolder">
<s:actionerror />
</div>
</s:if>
<input type="hidden" name="urlPath" value="<%=request.getServletPath()%>" />
<div class="drLoginNameHolder queryInput">
<label for="userName">User Name</label>
<%--<s:textfield id="userName" theme="simple" name="userName"/>--%>
<input type="text" id="userName" name="userName" autocomplete="off"/>
</div>
<div class="drLoginNameHolder queryInput">
<label for="password">Password</label>
<%-- <s:password theme="simple" name="password" id="password"/> --%>
<input type="password" name="password" id="password" autocomplete="off"/>
</div>
<!-- <input type="submit" class="btnHomeLogIn" value="Login" /> -->
<button type="submit" class="btnHomeLogIn" >Login</button>
<div class="clear"></div>
<p class="homeLoginPassword">
<a href="gotoForgotPassword.action">Lost Your Password?</a>
</p>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
and here is my login Success page
<%@taglib prefix="s" uri="/struts-tags" %>
<s:include value="/WEB-INF/salesMan/salesManheader.jsp"/>
<%@page import= ".myDrDirect.mon.MyBase64"%>
<div id="container">
<!--Header-->
<div id="pageHeader">
<s:a action="gotosalesManLogout" >Logout</s:a>
<a href="/" title="DrDirect"><img src="images/pageLogo.png" width="166" height="36" alt="DrDirect" /></a>
</div>
<s:include value="/WEB-INF/salesMan/salesManLeftMenu.jsp" />
<!--Right Col-->
<%
Integer docid = null;
String did = null;
try {
//docid =0;
did = "0";
MyBase64 Base64 = new MyBase64();
byte[] bytedocid = did.getBytes();
did = Base64.encode(bytedocid);
} catch (Exception e) {
e.printStackTrace();
}
%>
<%-- <div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="drHomeSignUpWrapper">
<div class="drHomeSignUpCont">
<div class="drHomeSignUpHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<a class="btnDrSignUp" title="Presentation">Presentation</a>
<a href="gotosalesManDoctorhome" id="template" class="btnDrSignUp" title="Templates">Templates</a>
<s:form action="" method="post" name="signUpformDoctor" >
<s:hidden name="ID" value="" id="doctorID"/>
<a href="javascript:void(0);" onclick="redirectpagesignUpformDoctor('<%=did%>');" class="btnDrSignUp" title="Sign Up Doctor">Sign Up Doctor</a>
</s:form>
</div>
</div>
</div>
</div>--%>
<!--End Right Col-->
<div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="rightWrapper removeClass">
<iframe src="salesManhomePage" height="100%" width="100%" id="frameCont" frameborder="0" scrolling="no" name="iframeCenter" allowtransparency="yes"></iframe>
<!-- <div class="bgLeftShadow removeClass"></div>-->
<div class="bgRightShadow removeClass"></div>
</div>
<div class="bgRightWrapBot removeClass"><div class="bgBotRight"><div></div></div></div>
</div>
<%--<s:include value="/WEB-INF/salesMan/salesmanDoctorsList.jsp" />
<s:include value="/WEB-INF/salesMan/salesmanIframe.jsp" />--%>
<s:include value="/WEB-INF/salesMan/salesManFooter.jsp" />
and my salesManHeader.jsp is
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0"/>
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect - Template</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<script type="text/javascript">contactScroll="yes";</script>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body style="min-width: 1024px;">
Please check. Will the included page cause a problem here?
asked Feb 17, 2012 at 5:49 by user359187, edited Feb 17, 2012 at 9:47
Comments:
- The content is probably just cached. When the user clicks the back button and is brought back into the site, can they actually navigate the logged in views? Provided you've destroyed the session on logout... they probably can't actually see any new content or actually browse the site if they try. Clicking any link on the site should log them out. – Jordan Arsenault Commented Feb 17, 2012 at 6:11
- You could do a javascript check on every page that checks to see if there is an actual session, and redirect if there is not. – Stefan H Commented Feb 17, 2012 at 6:14
5 Answers
Well, what @Jordan Arsenault has already said in the comment is fully applicable to your question. This is an issue related to the browser cache, and if you have already invalidated the session, clicking a link will not let the user do anything until he/she logs in to the system.
Another thing you can do is set HTTP headers, either in your logout Action class or in a custom Interceptor, with code something like the following:
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
Additionally, you can add these headers to your JSP pages also, but it's not 100% sure that the server will respect your headers until you are browsing in secure mode (https).
Read the following thread from mailing list for similar issue
- Browser-Back-Forward-Button-in-Struts2
- Browser_Cache
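The interceptor approach this answer describes, written out as an added example (not code from the answer or from the asker's project): it sends `no-store` as a real HTTP response header on every protected action and re-checks the session before the action runs. The class name and the `login` result name are assumptions; `Salesman` is the session key seen in the question's JSP.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Hypothetical interceptor for the stack used by logged-in actions. */
public class NoCacheAuthInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    // Session key taken from the question's JSP (#session.Salesman).
    private static final String USER_KEY = "Salesman";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();

        // Set the headers before the result renders, so they are sent
        // with the page. "no-store" forbids keeping a copy at all;
        // "no-cache" on its own still allows a stored copy to exist.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        response.setDateHeader("Expires", 0);       // already expired

        // getSession(false) never creates a session, so after logout
        // (session.invalidate()) this returns null.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_KEY) == null) {
            return "login"; // assumed global result pointing at the login page
        }
        return invocation.invoke();
    }
}
```

Register the interceptor in `struts.xml` on the stack used by the protected actions, including the `salesManhomePage` action loaded in the iframe, and leave it off the login action itself.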
Long-term (better) solution:
You should implement something like session in your application. Also, you may use Struts interceptors to filter any request that goes to the server. So when the user logs out, the session will be destroyed.
Short-term solution:
In your login page, paste this code in onload event:
window.history.forward(1);
Update
In your login page :
<body onload="window.history.forward(1);"> //// to disable back button
I assume that you have authorization control (with session) on your password-protected area. Then you can simply add a meta tag for no cache in your head tags.
<meta http-equiv="Cache-control" content="no-cache">
Hope this works..
The content is probably just cached.
If your application is not super data-heavy just add non-caching headers before any HTML output :
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
That'll be a quick fix.
I have tried
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
in my jsp page and
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
in my java page and
write script
window.history.forward(1)
scripts in my pages but unfortunately none of these scripts do anything on my