dhS dhS - 3 months ago 16
Java Question

How to prevent the user to access the history after logout the application

I am working on a SpringMVC application I need to make a logout page. I make the page but when i click the back button on the browser i can see the user data.

How can i prevent the user to access the history after logout the application. Please tell me a solution without using Spring-security.

I am using the following handler method for logout the application.

@RequestMapping("/logout")
public String logout(HttpServletRequest request)
{
request.getSession().invalidate();
return "index";
}


Thank you

Answer

You can add below line at top of your jsp page to not to store history or cache

<%
    response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");//HTTP 1.1
    response.setHeader("Pragma","no-cache"); //HTTP 1.0
    response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>