0
Context: I am building a CRUD in Java Web to study and acquire knowledge.
I am not using any Framework, only JSTL to have more elegant code in Jsps.
I recently implemented system authentication using Filter and Httpsession.
And I also implemented the 'quit' button that calls an action in my system that invalidates the session
session.invalidate(); and then redirects to the login.jsp.
Problem: Even invalidating the session and barring requests with Filters, if I click Back' in the browser, I access my system on the last page I downloaded before clicking in '.
I can’t do anything inside the system after 'coming back'. Because, any action is blocked by my Filter, which checks whether the user is logged in or not. However, I would like that when trying to go back the page, the browser always redirects to the login page.
I’m using the Tomcat, in versão 9.
What I’ve already tried: I have tried using forward and redirect. The problem remains in both cases. Currently my code block Logout is like this:
req.getSession().invalidate();
resp.setHeader("Cache-Control","no-cache");
resp.setHeader("Cache-Control","no-store");
resp.setHeader("Pragma", "no-cache"); // HTTP 1.0.
resp.setHeader("Expires", "0"); // Proxies.
resp.sendRedirect(typeAction[1]);
Has anyone been there? Could you give a suggestion?