la sesión expira y el botón Atrás del navegador en jsp y sevlet [duplicado]

Posible duplicado:
Evitar que el usuario vuelva a la página segura anterior después de cerrar la sesión

I have to create a login and logout page with sessions. Now I have to invalidate the session after a certain interval of time and after clicking logout button. After session expiry time and logout action no one should be access previous pages by clicking back button of browser without again logging.

¿Cómo puedo conseguir esto?

preguntado el 28 de agosto de 12 a las 11:08

You will want to try solving the problem on your own first. Asking for full working code isn't what this site is for. Try re-phrasing your question and giving some effort on your part. -

2 Respuestas

Set the session timeout in the web.xml archivo:


Put in the session user's name when an user's logged:

session.setAttribute(userName, "userName");

And kill it when an user's logged out:


Create a filter to validate an user, like this:

public class AuthorizationFilter extends Filter {

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                                          throws   IOException, ServletException { 

        HttpServletRequest req = (HttpServletRequest) request; 

        HttpSession session = req.getSession(); 

        String userName = (String) session.getAttribute("userName"); 

        if (userName == null) { 

        chain.doFilter(request, response);  

    private void rejectRedirect() {
        response.sendRedirect("/login.jsp"); // or warning page

And map this filter in the web.xml:

   <filter-name>Authorization Filter</filter-name> 
   <filter-name>Authorization Filter</filter-name> 

Respondido 29 ago 12, 15:08

Thank you Sir, For ur response, - user1197114

Sir i went through ur suggestions but I am not getting how to use this in login and logout page . - user1197114

Will you plz guide me upto there As i dont have the idea to use this. - user1197114

Crear botón de envío logout en forma: <form action="logout.jsp"><input type="submit" value="Logout"/></form>. Delete session attribute on the logout.jsp page. This isn't certainly the best approach in terms of app architecture. But such decision will be acceptable for a test application. - capandron

I believe that you're not understanding the concrete question. - BalusC

    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        HttpServletResponse response = (HttpServletResponse) res;

        HttpSession session = request.getSession();

        String userName = (String) session.getAttribute("loggedVendor");

        if (userName == null)

        chain.doFilter(request, response);

    public void init(FilterConfig filterConfig)
            throws ServletException {
        // We can initialize a filter using the init-params here
        // (which we defined in the deployment descriptor - web.xml)


Respondido 31 ago 12, 10:08

@Andrey Sir i did as you directed but page is not redirecting to login page - user1197114

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.