在Logout Servlet中使会话无效 [英] Invalidate session in Logout Servlet

问题描述

HttpSession session  = request.getSession();
try
{      
    session.removeAttribute("logonSessData");
    session.invalidate();                               
    String pageToForward = request.getContextPath();
    response.sendRedirect(pageToForward);           
}
catch (Exception sqle)
{
    System.out.println("error UserValidateServlet message : " + sqle.getMessage());
    System.out.println("error UserValidateServlet exception : " + sqle);
}

在Logout servlet中我在 doPost中写了上面的代码和 doGet 方法。注销后会显示登录屏幕然后如果我按下后退按钮会在注销前显示上一屏幕，然后如果我点击任何页面显示HTTP状态500，现在如果我按 F5 那么它就会加热登录Servlet并获得用户的完全访问权限。

in Logout servlet I wrote above code in doPost and doGet method. After logout it shows login screen and then if I press back button it shows previous screen before logout and then if I click on any page it shows "HTTP Status 500" and now if I press F5 then it's heating login Servlet and getting the full access of user.

如何停止此问题显示退出后使用后退按钮和 F5 用户无法使用任何页面？

How to stop this problem show that after Logout using back button and F5 user can not use any page?

推荐答案

你做得很好。浏览器正在缓存之前的页面，当您单击后退按钮时，它将转到上一个缓存页面。

What you are doing is good. Browser is caching the previous pages, and when you click back button it is taking to previous cached page.

您需要添加不允许浏览器缓存页面的缓存标头。

You need to add Cache headers which does not allow browser to cache page.

Cache-Control: no-cache

这篇关于在Logout Servlet中使会话无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！