after logout click on back button cache issue

Question

<%
    response.setHeader(\"Cache-Control\",\"no-cache,no-store,must-revalidate\");//HTTP 1.1
    response.setHeader(\"Pragma\",\"no-cache\"); //HTTP 1.0
    resp         


        

Answer 1

I am including this in all my jsps inside body tag

This might be too late when the HTTP response is already committed at that point. A HTTP response will be committed when an X amount of characters are already been written to it, which will in your case be the HTML . You need to put those lines in the very top of the JSP file, not in the of the HTML representation.

---

On an unrelated note, you're making a huge design mistake by copypasting the same lines of code over multiple files. This is not DRY. Whenever you need to copypaste code, you should always stop and ask yourself if there isn't a single place to execute the particular code. In your particular case, you should have used a Filter instead. For a concrete example, see also this answer: Prevent user from seeing previously visited secured page after logout. Also, writing Java code in JSPs is a bad practice. Check How to avoid Java code in JSP files?

Also, your logout method is strange. Don't store the username in some custom cookie. You're basically reinventing the session. Just store the logged-in user as a session attribute instead and invalidate the entire session and send a redirect.

request.getSession().invalidate();
response.sendRedirect(request.getContextPath() + "/home.jsp");

For background information on working of session, read this: How do servlets work? Instantiation, sessions, shared variables and multithreading