I am using Tomcat web container. I have an admin console application. When I click on exit, the session attribute becomes null and invalid, see below the code in the logout.jsp file. After logging out, the user goes to the login page. In fireFox, I click the back button. I have the following issues. At first I do not get the page with the expired page, as in IE Secondly, when I click on any link on the page, I check the sessioon attribute, which I made null when I logged out. The meaning of this is "success." I am completely confused by this behavior. This is a firefox or tomcat session management issue.
I am sure that I need more knowledge to understand this behavior. Appreciate your help in letting me know what's going on here ...
<%@ page session="false" %>
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",-1);
%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%
HttpSession session = request.getSession(false);
System.out.println("session"+session);
session.setAttribute("loginStatus",null);
session.invalidate();
%>
source
share