This is typically done in the case of a user logoff in a Java Web project:
Session (). setattribute ("CurrentUser", null);
Or
Session.removeattribute ("CurrentUser");
</pre></p><p> or <pre name= "code" class= "Java" >session.invalidate ();
Then redirect to the login page.
But in this case, after the user logs off to the login page, if the user points to the browser's "Back" button, you can return to the page before the logout, although the session has been emptied.
This is because the browser's fallback is using a local cache.
The following approach prevents the browser from using caching, thereby preventing this from occurring.
New Package Com.example.filter, where you create a new class
import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletResponse;
public class Nocachefilter implements filter{@Override public void Destroy () {//TODO auto-generated method stub @Override public void Dofilter (ServletRequest req, servletresponse Res, Filterchain chain) throws IOException, S
ervletexception {HttpServletResponse HSR = (httpservletresponse) res; Hsr.setheader ("Cache-control", "No-cache, No-store, must-revalidate");
HTTP 1.1. Hsr.setheader ("Pragma", "No-cache");
HTTP 1.0. Hsr.setdateheader ("Expires", 0);
Proxies.
Chain.dofilter (req, res); @Override public void init (Filterconfig arg0) throws Servletexception {//TODO auto-generated method stub}}
The SetHeader in the Dofilter method is to tell the browser not to use the local cache.
Then configure the Web.xml in the
<filter>
<filter-name>noCacheFilter</filter-name>
<filter-class> com.leon.filter.nocachefilter</filter-class>
</filter>
<filter-mapping>
< filter-name>nocachefilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</ Filter-mapping>
Where *.jsp means that any JSP page is filtered using Nocachafilter, you can of course be flexible according to your own situation, only if you do not want to be cached page use.
Of course, I can't forget to add login verification to the page
<%
//Permission Verification
if (Session.getattribute ("CurrentUser") ==null) {
response.sendredirect ("login.jsp");
return;
}
%>