logout in struts2

**sunithamm** · 03-05-2012, 12:15 PM

Hi all,
i want to create an application which has login and logout. On successful login, user will be able to see his/her homepage. Once he clicked logout, session would be cleared and the user will go to another page from where he/she can log in again. When the browser back button is pressed after logout, user is able to see his/her homepage. Which i do not want. I want to redirect the user to login page, when browser back button is clicked after logout.

Can anybody help me to solve this?

**Tolls** · 03-05-2012, 12:17 PM

Prevent cacheing on the client.
You should be able to Google for that.
The back button isn't taking the browser to the homepage, but a cache of the homepage.

**sunithamm** · 03-05-2012, 12:21 PM

Hi
Thanks for your reply.
I wrote an interceptor as shown below:
public class ClearCacheInterceptor extends AbstractInterceptor {

@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionContext context = (ActionContext) invocation
.getInvocationContext();
HttpServletResponse response = (HttpServletResponse) context
.get(StrutsStatics.HTTP_RESPONSE);

response.setHeader("Pragma", "no-cache");

response.setHeader("Cache-Control", "no-cache, no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Vary", "*");

String result = invocation.invoke();

System.out.println("check result=" + result);

return result;
}

}

struts.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>

<constant name="struts.enable.DynamicMethodInvocation" value="false" />
<constant name="struts.devMode" value="false" />
<constant name="struts.ui.theme" value="css_xhtml" />

<package name="action" extends="struts-default">
<interceptors>
<interceptor name="clear-cache" class="com.action.ClearCacheInterceptor"></interceptor>
</interceptors>
<action name="loginAction" class="com.action.ActionClass"
method="login">

<result name="success">/success.jsp</result>
<result name="error">/login.jsp</result>
</action>
<action name="logoutAction" class="com.action.ActionClass"
method="logout">
<interceptor-ref name="clear-cache"></interceptor-ref>
<result name="success">/logoutcomplete.jsp</result>
</action>
<action name="loginAgainAction" class="com.action.ActionClass"
method="loginAgain">
<result name="success">/login.jsp</result>
</action>
</package>
</struts>

Is this enough?
But i am not getting the expected behaviour

**Tolls** · 03-05-2012, 12:32 PM

WHen the back button is being used does the client make a call to the server?
If so then you need to beef up the security on your server.
If not then there is still something in the cache.

**sunithamm** · 03-05-2012, 12:44 PM

when browser back button is pressed, then client doesn't make call to server.

**Tolls** · 03-05-2012, 12:57 PM

OK, then it must be cached.
Which implies the above is not sufficient.
Have you checked the interceptor is run?

**sunithamm** · 03-07-2012, 06:58 AM

Hi..
sorry for the delayed reply...
I checked and the interceptor is running.

**Tolls** · 03-07-2012, 09:32 AM

Then possibly the browser is overriding it (which it is perfectly entitled to do, no-cache is only a request to the browser, not an order).
This has hit the point where you'll simply have to trace what's going on, look at the html, monitor the cache, go through all your browser options, try it on different browsers...not really something we can handle here as it's grunt work.