我正在struts2中完成我的项目,并且已经在我的项目中成功创建了登录页面和注销页面。但是当用户注销并且他单击浏览器上的后退按钮时,用户可以查看登录页面。我怎么能避免这种情况?
这是我登录页面的HTML
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags" %>
<% /*
<s:if test="#session.Salesman.username != ''" >
<script type="text/javascript" >
top.location.href = "salesmanHome" ;
</script>
</s:if>
<s:else>
*/%>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Cache-control" content="no-cache">
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body>
<div class="drDirectHomeWrapper">
<div id="wrapper" class="drSalesBottomSection innerBotSec">
<div class="drLoginWrapper overview">
<div class="drLoginCont">
<div class="drLoginHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<form action="salesManLogin" method="post">
<div class="drLoginField">
<s:if test="hasActionErrors()">
<div class="loginErrorHolder">
<s:actionerror />
</div>
</s:if>
<input type="hidden" name="urlPath" value="<%=request.getServletPath()%>" />
<div class="drLoginNameHolder queryInput">
<label for="userName">User Name</label>
<%--<s:textfield id="userName" theme="simple" name="userName"/>--%>
<input type="text" id="userName" name="userName" autocomplete="off"/>
</div>
<div class="drLoginNameHolder queryInput">
<label for="password">Password</label>
<%-- <s:password theme="simple" name="password" id="password"/> --%>
<input type="password" name="password" id="password" autocomplete="off"/>
</div>
<!-- <input type="submit" class="btnHomeLogIn" value="Login" /> -->
<button type="submit" class="btnHomeLogIn" >Login</button>
<div class="clear"></div>
<p class="homeLoginPassword">
<a href="gotoForgotPassword.action">Lost Your Password?</a>
</p>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
这是我的登录成功页面
<%@taglib prefix="s" uri="/struts-tags" %>
<s:include value="/WEB-INF/salesMan/salesManheader.jsp"/>
<%@page import= "com.myDrDirect.common.MyBase64"%>
<div id="container">
<!--Header-->
<div id="pageHeader">
<s:a action="gotosalesManLogout" >Logout</s:a>
<a href="/" title="DrDirect"><img src="images/pageLogo.png" width="166" height="36" alt="DrDirect" /></a>
</div>
<s:include value="/WEB-INF/salesMan/salesManLeftMenu.jsp" />
<!--Right Col-->
<%
Integer docid = null;
String did = null;
try {
//docid =0;
did = "0";
MyBase64 Base64 = new MyBase64();
byte[] bytedocid = did.getBytes();
did = Base64.encode(bytedocid);
} catch (Exception e) {
e.printStackTrace();
}
%>
<%-- <div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="drHomeSignUpWrapper">
<div class="drHomeSignUpCont">
<div class="drHomeSignUpHolder">
<img src="images/drHomeLogo.png" width="203" height="41" alt="" />
<a class="btnDrSignUp" title="Presentation">Presentation</a>
<a href="gotosalesManDoctorhome" id="template" class="btnDrSignUp" title="Templates">Templates</a>
<s:form action="" method="post" name="signUpformDoctor" >
<s:hidden name="ID" value="" id="doctorID"/>
<a href="javascript:void(0);" onclick="redirectpagesignUpformDoctor('<%=did%>');" class="btnDrSignUp" title="Sign Up Doctor">Sign Up Doctor</a>
</s:form>
</div>
</div>
</div>
</div>--%>
<!--End Right Col-->
<div id="rightCol" class="tablecell3">
<!--<iframe src="text.html" height="100%" width="100%" frameborder="0" scrolling="no" allowtransparency="yes"></iframe>-->
<div class="rightWrapper removeClass">
<iframe src="salesManhomePage" height="100%" width="100%" id="frameCont" frameborder="0" scrolling="no" name="iframeCenter" allowtransparency="yes"></iframe>
<!-- <div class="bgLeftShadow removeClass"></div>-->
<div class="bgRightShadow removeClass"></div>
</div>
<div class="bgRightWrapBot removeClass"><div class="bgBotRight"><div></div></div></div>
</div>
<%--<s:include value="/WEB-INF/salesMan/salesmanDoctorsList.jsp" />
<s:include value="/WEB-INF/salesMan/salesmanIframe.jsp" />--%>
<s:include value="/WEB-INF/salesMan/salesManFooter.jsp" />
我的salesManHeader.jsp是
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0"/>
<!--++++++DEVELOPED BY WWW.ZOONDIA.IN AND WWW.ZOOCRE8IVE.COM+++++-->
<title>DrDirect - Template</title>
<script src="js/scripts.js" type="text/javascript"></script>
<style type="text/css">@import url("css/styles.css");</style>
<script type="text/javascript">contactScroll="yes";</script>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>
</head>
<body style="min-width: 1024px;">
请检查。包含页面会在这里引起问题。
答案 0 :(得分:1)
@Jordan Arsenault在评论中已经说过的内容完全适用于您的问题。这是一个与浏览器缓存相关的问题,如果您已经使会话无效,那么点击该链接将不允许用户做任何事情直到他/她登录系统
您可以做的其他一些工作是在您的注销Action类中设置HTTP标头,或者可以创建一个自定义Interceptor,其代码类似于
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
另外,您也可以将这些标题添加到您的JSP页面,但它不是100%确定服务器会尊重您的标题,直到您以安全模式(https)浏览。
从邮件列表中读取以下主题以解决类似问题
答案 1 :(得分:0)
长时间(更好)的解决方案:
你应该在你的应用程序中实现类似session的东西。你也可以使用struts拦截器过滤掉任何发送给server的请求。当用户注销时,会话将被销毁。
短时间解决方案:
在您的登录页面中,将此代码粘贴到onload事件中:
window.history.forward(1);
<强>更新
在您的登录页面中:
<body onload="window.history.forward(1);"> //// to disable back button
答案 2 :(得分:0)
我假设您在密码保护区域拥有授权控制(带会话)。然后,您只需在头标记中添加元标记即可。
<meta http-equiv="Cache-control" content="no-cache">
希望这有效..
答案 3 :(得分:0)
内容可能只是缓存。
如果您的应用程序不是超级数据,只需在任何HTML输出之前添加非缓存标头 :
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
这将是一个快速解决方案。
答案 4 :(得分:0)
我试过了
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
在我的jsp页面中
HttpServletResponse response=null;
response=ServletActionContext.getResponse();
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Expires", "0");
在我的java页面和
中编写脚本
window.history.forward(1)
在我的网页上写下,但不幸的是,这些脚本中的任何一个都没有在我的
上做任何事情