Stop user from cliking back button after logging out

How can I stop the user from clicking the back when they had clicked the log out link...?
<%@ page language="java" %>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
</body>
<script language="JavaScript" type="text/JavaScript">
function refreshIt() {
setTimeout('window.parent.location.reload()', 7 * 1000);
<%
session.removeAttribute("username");
session.invalidate();
response.sendRedirect( response.encodeRedirectUrl("index.jsp?message=You had logged out from the system"));
%>
document.onload = refreshIt();
</script>
</html>

You can NOT stop the user from clicking the "back" button.
However, all is not lost.
Since you're invalidating the session, simply have every page that requires the user to be logged in check for a valid session before proceeding. Put that code into an "include" file. If the session is invalidated, redirect the user back to the "Please Login" page. Do this IMMEDIATELY before doing ANYTHING.
Another technique, but is essentially the same thing, is to "logout" to a page with javascript that redirects the user to the "You are Now Logged Out" page, with either a "redirect" or a "window.forward()" call. When the user clicks "back", they'll return to the page with the javascript that redirects the user to the "You are Now Logged Out" page. The only problem with that is that savvy users using IE can click the "history" portion of the "back" button, and go back 2, 3, 4, etc. pages if they want to.
Therefore, you'll still have to write the code at the beginning of every page that kicks the user back to "Please Login" if the session was invalidated.

Similar Messages

  • Authenticate when user clicks back button after logging out

    Hi All,
    Is there a way that the user can be forced to authenticate, if he has just logged out, and then clicks the back button.
    I have a situation where a user who is working on relatively sensitive data logs out (yeees they should close the browser and all, but they never obey instructions... ) and someone else can come around and click the back button, and see what what he had been working on.
    Is there a way to disable this behaviour, or otherwise force a reload/re-authentication.
    Thanks.

    Hi there,
    You can accomplish this by writing this code in each page of your application
    Write this in your html header:
    <script type="text/javascript">
    javascript:history.go(1);
    </script>and write this in Page HTML Body Attribute:
    onunload="javascript:history.go(1)";It will not allow your users to go back.
    Thanks
    Tauceef

  • Avoid browser caching after log out

    Hi all
    Once i logout. i am able to go in to the application using the browser back button .
    how to restrict this back action after log out .
    i tried with the header
    session.invalidate();
    response.setHeader("Cache-Control","no-cache");
    response.setHeader("Cache-Control","no-store");
    response.setDateHeader("Expires", 0);
    response.setHeader("Pragma","no-cache");
    but dint help me .
    also tried with
    javascript:window.history.forward(-1);
    it also dint work .
    my browser is Firefox/3.0.13
    any suggestions.

    hi
    once i click on logout link .it reaches to my servlet and there i am setting the header and then forwarding to the login page again.
    so i dint understand " you should disable caching at the top of your views"
    can u please explain it.
    public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException
            HttpSession session = request.getSession(true);
            session.removeAttribute("flag");
            session.invalidate();
            response.setHeader("Cache-Control","no-cache");
            response.setHeader("Cache-Control","no-store");
            response.setDateHeader("Expires", 0);
            response.setHeader("Pragma","no-cache");
            System.out.println("i have reached here ");
            dispatcher = getServletContext().getRequestDispatcher("/index.jsp");
            dispatcher.forward(request, response);
           }i tried putting the above header lines in jsp also ...
    but the result is same it allowed me to navigate in to the application using back button .
    I have googled for a solution ...but was not able to land with a solution .
    Kindly suggest
    Thanks in advance

  • Preventing the User from going back to the main page after logging out.

    Hi all,
    In my project I want to prevent the User from going back to the Main page, by clicking the back button of the browser, after the user has loggged out.I had invalidated the session so the user will not be able to do any operations, but he can vew the infos. I want to redirect to the login page if the user tries to go back using the back button after he has logged out.
    I tried the same in this forum after loging out. Surprisingly it is the same. I can browse through all the operations i did even after logging out from here.
    Is it not possible to do that in Servlets?Could somebody help?
    Thanks,
    Zach.

    Hi,
    You can use a servlet filter to do this , as it can interceptany request to your application you can decide to allow user access or not to any page/servlet.
    public class Test implements Filter{
         public void destroy() {
         public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException,
                   ServletException {
              System.out.println("filter");
              HttpServletRequest request = (HttpServletRequest) arg0;
              if(!request.getRequestURI().contains("index")){ // set condition that will be checked to verify if the user is logged in
                   System.out.println("redirecting ... ");
                   RequestDispatcher d = arg0.getRequestDispatcher("/index.jsp");
                   d.forward(arg0, arg1);
              arg2.doFilter(arg0, arg1);
         public void init(FilterConfig arg0) throws ServletException {
    }in you web.xml add :
    <filter>
              <filter-name>test</filter-name>
              <filter-class>test.Test</filter-class>
         </filter>
         <filter-mapping>
              <filter-name>test</filter-name>
              <url-pattern>/*</url-pattern>
         </filter-mapping>

  • How to stop the gray wheel from spinning after logging out

    how to stop the gray wheel from spinning after logging out?

    Frank ...
    Make sure to quit all open applications before logging out.
    Your proflie indicates your Mac has v10.7.1 installed.
    If that is the case, updating your system software will help as far as functionaly as well as security.
    Install the OS X Lion Update 10.7.5 (Client Combo)
    Then restart your Mac.
    message edited by:  cs

  • After Time Machine backs up my file vault files (after logging out), when I next log into the user account it beachballs permanently during log in.

    After Time Machine backs up my file vault files (after logging out), when I next log into the user account it beachballs permanently during log in.  The backup was successful, as I had to restore after this issue last time.  Hard resetting doesn't resolve the issue.  Is there a Time Machine setting that I should be aware of?
    I have 2011 13" MBP, 10.6.8 and use an external hard drive connected via USB for my Time Machine backups.
    Thanks

    I was able to get it to work.  Thanks for your help.  It's unfortunate the two applications do not work well together.  This is what I did:
    1) Safe boot and logged into the affected user (since the whole issue damaged the account's system settings).
    2) Turned off File Vault in System Preferences. I needed to make some space on the hard drive first since apparently the total free space on the hard drive has to equal or exceed the amount of data currently in the file vault.  I deleted some files and moved others to the Admin account.  This whole process took awhile.
    3) Finally, just restarted and logged in.  The next time machine backup seems to be a significant backup, I assume because it's backing up the user account in a different way now that File Vault is turned off.
    Thanks again!

  • After logging out of mozilla firefox i cannot log back in to mozilla firefiox , why ?

    after logging out of Mozilla Firefox
    I can't log back in
    why ?
    please help me

    This just happened to me too. But I've been on iTunes Match for several months now. I've had the problem several times before where ITM says something's "not available at this time; try again later," and at those times I've had to sign out of my iTunes Store account and back in for ITM to work again.
    But this time, when I tried to turn on iTunes Match again, I got this error (on my screen right now):
    iTunes match is matching a library from another computer. Only one library can be matched at a time. If you continue, the other iTunes Match session will be stopped and this computer's library will be matched instead. Buttons: [Cancel] [Match this computer]
    Well, I surely do NOT want to "Match this computer", as I have several thousand songs in iCloud that are NOT on this computer!
    What is going on???

  • Using Back Button after Display Report

    Hi,
    Need an advice, i need to customize the standard BACK button after report had been displayed, trying to use AT USER-COMMAND, but still not avail..
    anyone can come with example will help me a lot.
    Thanks

    Hi badz lee,
    Just change the function code 'BACK' to 'ZBACK' in your custom GUI staus.
    Then write your own logic for the custmer needs.
    Hope this code helps.
    *& Report  ZVK_TEST
    REPORT  zvk_test.
    TABLES:ekko."for select option only
    SELECT-OPTIONS:s_ebeln FOR ekko-ebeln.
    DATA:lt_ekko TYPE TABLE OF ekko,
         lw_ekko TYPE ekko.
    START-OF-SELECTION.
      SET PF-STATUS 'STLI'."copy status STLI of program SAPMSSY0.
      SET TITLEBAR 'TITLE'.
      SELECT * INTO TABLE lt_ekko
        FROM ekko
        WHERE ebeln IN s_ebeln.
      LOOP AT lt_ekko INTO lw_ekko.
        WRITE:/ lw_ekko-ebeln,
                lw_ekko-bukrs,
                lw_ekko-bstyp,
                lw_ekko-bsart.
      ENDLOOP.
    END-OF-SELECTION.
    AT USER-COMMAND.
      CASE sy-ucomm.
        WHEN 'ZBACK'.
          PERFORM back_function."Your logic
        WHEN OTHERS.
      ENDCASE.
    *&      Form  BACK_FUNCTION
    FORM back_function .
      LEAVE PROGRAM.
    ENDFORM.                    " BACK_FUNCTION

  • Please,I want to stop users from visiting particular wensites while connected to the internet. How do I configure Firefox to automatically stop users from visiting such dangerous sites?

    Please,I want to stop users from visiting particular wensites while connected to the internet. How do I configure Firefox to automatically stop users from visiting such dangerous sites?

    Thanks, Ronda! I haven't been able to try your suggestion because I fried my router! So I need to get a new wireless router before proceeding.
    (I may start a new thread about getting a new router, but I will look for answers first to my questions and only start one if I cannot find answers.)
    After I get a new router, I will try what you suggested and report back here.

  • How to disable  browser back button after session logout..

    Hi;
    I want to restrict the user to use the back button after session expired or logout. By doing the session expired we are restricting the user to do any new work but I want to restrict the user to see the back pages that he surfed previously in the session.
    Is there any method to disable the browser back button after the session Expired?
    please help me to find out the solution..
    Thanks in advance.
    With Regards,
    Haramohan

    One possible way is automatic return to the current page by writing the following Javascript code to the previous page:
    <script language=JavaScript>
    function backButtonOverride(){
    setTimeout("backButtonOverrideBody()", 1);
    function backButtonOverrideBody(){
    try {
    history.forward();
    } catch (e) {}
    setTimeout("backButtonOverrideBody()", 100);
    </script>
    <%
    catch(Exception e){
    %>
    <jsp:forward page="front.jsp"></jsp:forward>
    <%
    %>

  • How do I stop Firefox from giving various options regarding log in info for a particular website?

    How do I stop Firefox from giving various options re log in info? By mistake I typed in my password at the end of my email address and want to stop this from popping up where, every time I go to log into this site, all can see the password tacked on to the end of the email address. I deleted the history and this does nothing, the next time I go to the site and begin to log in by typing my email address it automatically gives all the options from prior attempts, including the one that has my password tacked onto the email address for anyone to see

    You can use these steps to remove saved (form) data from a drop-down list:
    #click the (empty) input field on the web page to open the drop-down list
    #highlight an entry in the drop-down list with the mouse or cursor Down key<br>do not click the mouse or press the Enter key
    #press the Delete key (on Mac: Shift+Delete) to delete the highlighted entry
    See also:
    *Tools > Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
    Details like websites remembering you (log you in automatically) are stored in a cookie.
    So you can clear the Yahoo cookies to make Yahoo forget about you in case you put a checkmark in the box to have Yahoo remember you.
    You can inspect and manage the cookies for the domain in the currently selected tab:
    *Click the "[[Site Identity Button|Site Identity Button]]" (globe/padlock) on the location bar
    *Click "More Information" to open "Tools > Page Info" with the Security tab selected
    *Click "View Cookies" to view the cookies for the domain in the currently selected tab
    *Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: "Show Cookies"

  • How do I stop photos from syncing back onto my ipod

    how do I stop photos from syncing back onto my ipod

    Change the options on the Photos tab when the device is connected to iTunes, and on the device review your options under Settings > iCloud > Photos.
    tt2

  • New to the Apple and I want to set up a user account that will not delete the guest users files and allow and preserve their personal settings after log out. Is this possible?

    New to the Apple and I want to set up a user account that will not delete the guest users files and allow and preserve their personal settings after log out. Is this possible?

    The built-in guest user account will not do this. Simply create a new standard account and call it "Guest" or "Guest Users" or whatever you like.
    Go to System Preferences > Users& Groups, click "+" to make a new account.

  • Stopping user from making in app purchases on a live iPhone app

    Hi
                   I am trying to stop user from making in app purchases on a live iPhone app. What i have done is i made  Cleared for Sale: No in itunesconnect product id and Status is changed to Status: Developer Removed from Sale. But still i am able to do in app purchase in the app. Any idea why is it? anything i should do? Last Thureday night i have done this changes in itunes connect. i don't want to delete the product id from the itunesconnect.
    Thanks
    Anish

    Hey Michael,
    Is that the only way to stop in app purchase? delete the product ids from the itunes connect?
    Thanks
    Anish

  • How to prevent Spaces from creating a new session after logging out

    Hi,
    I'm using WebCenter Spaces (11.1.1.4), and I notice that the user is redirected to the landing page after logging out which causes a new HTTP session to be created. I'd like to avoid this behavior, and I was told that this could be done by creating a custom logout page with pure HTML and redirect the user there upon logout. How do I go about doing this? I couldn't find anything related to this in the documentation.
    Thanks,
    Robert

    What's wrong with a new session?
    When you logout, the current session will be destroyed so it's just normal that he creates a new webcenter that does not contain a user credential.

Maybe you are looking for

  • Can no longer connect to wifi on my iphone4s ,it won't come on, grayed out

    Got a replacement iPhone 4S about 2weeks ago,everything worked ok until I noticed that wifi was off and I went to next page and that page was dim or grayed out,hast came back on.tried all the standard remedies,restart,network reset,not sure what else

  • Screen Flakeout when waking up

    So for the past couple of days I've had an issue where I wake my iPhone using the home button or top button and get the unlock screen as normal. I slide to unlock and the screen goes black, flickers a few times, then returns to the unlock screen. Aft

  • Sys password issue in oracle 9i

    Oracle9i Enterprise Edition Release 9.2.0.6.0 I want to change the password of sys user with following command. alter user sys identified by sys1 It is not resetting the old passwod which is sys. Now I can login the sys user with both passwords "sys"

  • Slow broadband speed - connection dropping - bande...

    Hi, We've always had a problem with our connection dropping at least once a day since we first moved house but now our speed has been significantly reduced. From what I've read of other customer experiences, it sounds like the multiple loss of connec

  • Sound cards

    There is a problem in Labview that you cannot read and write to the sound card in the same program. If you do this the input and output signals become mixed together. ie you cannot isolate the output independantly from the input. I read somewhere tha