Kill session and redirect to login page on click of logout button

Question

I have the following code in JSP:

<%
    if(session.getAttribute(\"Username\") == null || session.getAttribute(\"Username\") == \"_INVALID_\")
    {
        r         


        

Answer 1

You should take a look at the invalidate() method of HttpSession. The session can be retrieved via HttpServletRequest getSession() method.

You should also take a look at Expires, Cache-Control, Pragma http headers, as in: Prevent user from going back to the previous secured page after logout .