I am developing a simple login application, once logged in the user should not be directed to the log in page when the user presses the back button

Question

I am developing a simple login application, once logged in, the user should not be directed to the log in page when the user presses the back button in the browser. same with the homepage, once logged out the user should not be directed to the homepage when the user presses the back button in the browser. But not by disabling the cache. I want to know some other way of doing it. using jsp and servlets. Thanks for taking time to read this.

@Miya G: here is the scenario. app has two pages 1.login.jsp 2.homepage.jsp . In login page using session object i check if its "loggedin" attribute is null, if it does then the html form to login gets rendered. else if its set to "yes". user gets redirected to the homepage. But when i press the back button. I get the login page which should not happen for login application. I cleared the issue by setting the response header not to store cache memory. So that we are forcing the browser to call the server. But thats not a scalable solution, because everytime the server gets called. — Karthik Amar, Nov 27 '14 at 13:25

Muhammad Habib · Answer 1 · 2014-11-27T12:39:09.940

1

you should use session. Sessions Allows your user to be logged in until they press log out button which you of course design in your web page.

edited Nov 27 '14 at 12:39

answered Nov 27 '14 at 12:18

Muhammad Habib

23
11

Have you read question carefully he is asking about the back button issue. – Altmish-E-Azam Nov 27 '14 at 12:25
yess!! thats the issue i have faced in asp.net. In asp this issue is solved by using session variable and it worked exactly as Karthik mentioned. – Muhammad Habib Nov 27 '14 at 12:32

score 0 · Answer 2 · edited May 23 '17 at 11:58

0

You can manually set server REFERER in javascript, to be the login page, after the user logs out. That should overwrite the browser history.

Check this for more details about that.

edited May 23 '17 at 11:58

Community

1
1

answered Nov 27 '14 at 12:37

user2695712

193
1
9

Sas · Answer 3 · 2014-11-27T20:31:17.137

If you have already used filter in your app, in your filter set no cache in the header:

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain){
    HttpServletResponse response = (HttpServletResponse) res;         
    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); 
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);
    chain.doFilter(req, res);
}

score -1 · Answer 4 · answered Jul 19 '16 at 20:14

Are you using session? If no then you should, if yes then do the following

1) over ride onResume method out of the scope of onCreate method.
2) then check login in onResume
3) if login returns false do nothing
4) if login is true simply do this.finish()

and this will take you back to the activity where you came from

No matter how many time user comes to login screen, he will sent back, unless he logs out.

I am developing a simple login application, once logged in the user should not be directed to the log in page when the user presses the back button

4 Answers4