Log Out Problem

**Rituparna** · February 24th, 2011, 06:04 AM

Hi,
I 've created a website on Online Hotel Management System, everything is working fine till now in the project but one.
I have this logIn.java file...

package fiveStar;
 
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.*;
import javax.servlet.http.*;
 
/**
 *
 * @author RITU
 */
public class logIn extends HttpServlet {
 
    /** 
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
		String type=request.getParameter("logAs");
        String id=request.getParameter("logId");
        String p=request.getParameter("pwd");
 
         try {
            Context c = new InitialContext();
          loginLocal l = (loginLocal) c.lookup("java:global/OnlineHotelManagement/OnlineHotelManagement-ejb/login!pack.loginLocal");
          if(l.logMe(id, p)){
           if(type.equals("Administrator")){
           RequestDispatcher rd=request.getRequestDispatcher("Admnstr.jsp");
          request.getSession(true);
           session.setAttribute("user", type);
           session.setAttribute("url","Admnstr.jsp" );
           rd.forward(request, response);
           }
 else if(type.equals("booker")){
               RequestDispatcher rd=request.getRequestDispatcher("Booking.jsp");
           request.getSession(true);
           session.setAttribute("user", type);
           session.setAttribute("url","Booking.jsp" );
           rd.forward(request, response);
 }
           else{
               RequestDispatcher rd=request.getRequestDispatcher("Error.html");
                rd.forward(request, response);
 }
           }
 
        } catch (NamingException ne) {
            Logger.getLogger(getClass().getName()).log(Level.SEVERE, "exception caught", ne);
            throw new RuntimeException(ne);
        }
 
	}
}

and this logOut.java file..

package fiveStar;
 
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.*;
import javax.servlet.http.*;
 
/**
 *
 * @author RITU
 */
public class logOut extends HttpServlet {
 
    /** 
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
         HttpSession session= request.getSession(false);
         if(session!=null){
          session.removeAttribute("user");
          session.removeAttribute("eml");
          session.removeAttribute("url");
          session.invalidate();
            }
         response.sendRedirect("index.jsp");
        } finally { 
            out.close();
        }
    } 
}

both the files are working, that means i can log in, enter the user page, and after logging out i get redirected to index.jsp. upto this everything is working.
But, then when i am clicking on the Back button on the browser, i get back to the previous page, from where i'd been logged out.
how can i stop the browser to get back to the previous page?
I mean, once logged out, the user should by no means go back to her page without re-logging, not even by clicking on the back button of the browser.
Isn't that possible?
If no, then why is it not possible? if it's possible, how can i make this happen for my code?

thanks in advance..

**Json** · February 28th, 2011, 10:43 AM

Hello there,

Another question is, can you go to the page that requires you to be logged in, even before you have logged in?

If so then I think you might want to have a look at creating a filter and then have this filter check if the user is logged in or not when accessing certain pages and if they're not logged in, they need to be redirected to the login page or any other page of your choice.

// Json

**copeg** · February 28th, 2011, 02:54 PM

To add to Json's suggestion, it sounds like the browser might be caching the previous pages, so when you hit the back button the server might not even receive a request - the client just reloads the cached page. To try and overcome this, set the headers for your pages to tell the browser not to cache the pages. You can find a lot online on how to accomplish this so I won't rehash the instructions, just be aware that some browsers might not respect the no-cache header.

**Rituparna** · March 12th, 2011, 01:10 AM

Thanks, i am trying... let's see if it's works..
or may be i have to check the session variables everytime i enter that page......
may b that'll help.

**Rituparna** · March 15th, 2011, 08:32 AM

Nope, it's not at all working.... dont know why? totally confused........

Thread: Log Out Problem

LinkBack

Thread Tools

Display

Log Out Problem

Related threads:

Re: Log Out Problem

Re: Log Out Problem

Re: Log Out Problem

Re: Log Out Problem