Security Failure | Java Web Authentication

Context: I am building a CRUD in Java Web to study and acquire knowledge.

I am not using any framework, only JSTL to have more elegant code in JSPs.

I recently implemented system authentication using a Filter and HttpSession. I also implemented the 'quit' button, which calls an action in my system that invalidates the session with session.invalidate(); and then redirects to login.jsp.

Problem: Even invalidating the session and barring requests with Filters, if I click 'Back' in the browser, I access my system on the last page I downloaded before clicking in '.

I can't do anything inside the system after 'coming back', because any action is blocked by my Filter, which checks whether the user is logged in or not. However, I would like the browser to always redirect to the login page when trying to go back a page.

I'm using Tomcat, version 9.

What I've already tried: I have tried using forward and redirect. The problem remains in both cases. Currently my Logout code block looks like this:

req.getSession().invalidate();
resp.setHeader("Cache-Control","no-cache"); 
resp.setHeader("Cache-Control","no-store"); 
resp.setHeader("Pragma", "no-cache"); // HTTP 1.0.
resp.setHeader("Expires", "0"); // Proxies. 
resp.sendRedirect(typeAction[1]);

Has anyone been there? Could you give a suggestion?

No answers
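
Added example, not part of the original post: the headers in the Logout block apply only to the logout redirect response (and the second setHeader("Cache-Control", ...) call replaces the first), while the page shown by 'Back' is a copy the browser stored earlier. One way to handle it is to send the no-cache headers from the authentication Filter on every protected response, so the browser has to re-request the page and the Filter can redirect to login.jsp. The /app/* mapping, the class name and the "user" session attribute are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Assumptions: protected pages are served under /app/* and the login action
// stores a "user" attribute in the session. Adjust both to the real application.
@WebFilter("/app/*")
public class NoCacheAuthFilter implements Filter {

    // Servlet 4.0 (Tomcat 9) provides default init() and destroy() methods.
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Set the headers before anything is written, on every protected response,
        // so no authenticated page is stored by the browser or by a proxy.
        // All directives go in one header: a second setHeader() call would overwrite it.
        resp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        resp.setHeader("Pragma", "no-cache"); // HTTP 1.0 clients
        resp.setDateHeader("Expires", 0);     // proxies

        // getSession(false) avoids creating a new session for an anonymous request.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        chain.doFilter(req, resp);
    }
}
```

Pages that were stored before this Filter was deployed stay in the browser until its cache is cleared, so test with a fresh browser profile or a private window.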
