注销后避免访问历史记录

Question

我想创建一个登录页面，注销后我希望用户显示登录页面而不是上一页，

如何防止用户在注销后返回上一页。 我已经清除了缓存....但通过按后退按钮用户将转到上一页。我想在注销用户按后退按钮后刷新登录页面并显示

    <s:form action="Login" >
    <s:textfield label="username" name="userName"/>
    <s:password label="password" name="password"/>
    <s:submit name="login" value="login"></s:submit>
    </s:form>

如何管理会话。任何人都可以帮助我 登录.java

  package action;

 import com.opensymphony.xwork2.ActionSupport;


public class Login extends ActionSupport {

private String userName;
private String password;

public Login() {
}

@Override
  public String execute() {



  Map  session = ActionContext.getContext().getSession();
  session.put("logged-in","yes");
  return SUCCESS;


}
    @Override
       public void validate()
    {
    if(getUserName().length()==0)
    {
         addFieldError("userName", "User Name is required");
    }
   else if (!getUserName().equals("prerna"))
   {
       addFieldError("userName", "Invalid User");
   }

     if(getPassword().length()==0)
    {
         addFieldError("password", "password is required");
    }

     else   if (!getPassword().equals("prerna")) {
        addFieldError("password", getText("password.required"));
    }



   }


      public String getUserName() {
       return userName;
      }

/**
 * @param userName the userName to set
 */
public void setUserName(String userName) {
    this.userName = userName;
}

/**
 * @return the password
 */
public String getPassword() {
    return password;
}

/**
 * @param password the password to set
 */
public void setPassword(String password) {
    this.password = password;
}
 }
Logout.java

   public class Logout {

     public Logout() {
       }

       public String execute() throws Exception {

     Map session = ActionContext.getContext().getSession();
     session.remove("logged-in");

    return "success";
}

}

logout.jsp

   <s:property value="userName"/>
     <s:property value="password"/>
    <s:url action="Logout.action" var="urlTag">

      </s:url>
      <s:a href="%{urlTag}">URL Tag Action (via %)</s:a>

拦截器 登录测试

  package interceptor;

    import action.Login;
    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;
    import java.util.Map;



 public class logintest implements Interceptor {

   public logintest() {
    }

public void destroy() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public void init() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public String intercept(ActionInvocation actionInvocation) throws Exception {
   Map<String, Object> session = ActionContext.getContext().getSession();

    // sb: feel free to change this to some other type of an object which
    // represents that the user is logged in. for this example, I am using
    // an integer which would probably represent a primary key that I would
    // look the user up by with Hibernate or some other mechanism.
    String userId = (String) session.get("logged-in");

    // sb: if the user is already signed-in, then let the request through.
    if (userId != null) {
        return actionInvocation.invoke();
    }

    Object action = actionInvocation.getAction();

    // sb: if the action doesn't require sign-in, then let it through.


    // sb: if this request does require login and the current action is
    // not the login action, then redirect the user
    if (!(action instanceof Login)) {
        return "loginRedirect";
    }

    // sb: they either requested the login page or are submitting their
    // login now, let it through
    return actionInvocation.invoke();

   }

}

struts.xml

              <!DOCTYPE struts PUBLIC
     "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
         "http://struts.apache.org/dtds/struts-2.1.dtd">

 <struts>
      <!-- Configuration for the default package. -->
<package name="default" extends="struts-default">

    <interceptors>

        <interceptor name="logintest"
class="interceptor.logintest"></interceptor>

        <interceptor-stack name="newStack">
            <interceptor-ref name="logintest"/>
            <interceptor-ref name="defaultStack" />
        </interceptor-stack>
    </interceptors>
    <global-results  >
        <result name="loginRedirect" type="redirect" >/login.jsp</result>
    </global-results>
    <action class="action.Login" name="Login">
        <interceptor-ref name="newStack"></interceptor-ref>
        <result name="input">/login.jsp</result>

        <result name="success">/loginsuccess.jsp</result>

    </action>

    <action class="action.Logout" name="Logout">

        <interceptor-ref name="newStack"></interceptor-ref>

        <result name="success">/login.jsp</result>
    </action>
</package>

Answer 1

正如利维乌.如上所述，该行为是由客户端的浏览器控制的。您最多可以做的就是在每次请求登录页面时发送无缓存和可能无存储的标头，以便浏览器不会存储这些标头，并且当用户按下回键时，浏览器必须重新请求该页面，这结果出现在登录页面。

您想要设置的特定标头是：

response.setHeader("Cache-Control", "no-cache, no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Vary", "*");

Answer 2

试试这个

<html>
<head>
<title>Back Button Demo: Page One</title>
<script>
function backButtonOverride()
{
  // Work around a Safari bug
  // that sometimes produces a blank page
  setTimeout("backButtonOverrideBody()", 1);

}

function backButtonOverrideBody()
{
  // Works if we backed up to get here
  try {
    history.forward();
  } catch (e) {
    // OK to ignore
  }
  // Every quarter-second, try again. The only
  // guaranteed method for Opera, Firefox,
  // and Safari, which don't always call
  // onLoad but *do* resume any timers when
  // returning to a page
  setTimeout("backButtonOverrideBody()", 500);
}
</script>
</head>
<body onLoad="backButtonOverride()">
<h1>Back Button Demo: Page One</h1>
<a href="page2.html">Advance to Page Two</a>
</body>
</html>

源链接