注销后避免访问历史记录

Question

我想创建一个登录页面,注销后我希望用户显示登录页面而不是上一页

注销后如何防止用户返回上一页.我已经清除了缓存....但是通过按下后退按钮用户将转到上一页.我想在退出后用户按下后按钮登录页面刷新并显示

    <s:form action="Login" >
    <s:textfield label="username" name="userName"/>
    <s:password label="password" name="password"/>
    <s:submit name="login" value="login"></s:submit>
    </s:form>

如何管理会话也.任何人帮我登录.java

  package action;

 import com.opensymphony.xwork2.ActionSupport;


public class Login extends ActionSupport {

private String userName;
private String password;

public Login() {
}

@Override
  public String execute() {



  Map  session = ActionContext.getContext().getSession();
  session.put("logged-in","yes");
  return SUCCESS;


}
    @Override
       public void validate()
    {
    if(getUserName().length()==0)
    {
         addFieldError("userName", "User Name is required");
    }
   else if (!getUserName().equals("prerna"))
   {
       addFieldError("userName", "Invalid User");
   }

     if(getPassword().length()==0)
    {
         addFieldError("password", "password is required");
    }

     else   if (!getPassword().equals("prerna")) {
        addFieldError("password", getText("password.required"));
    }



   }


      public String getUserName() {
       return userName;
      }

/**
 * @param userName the userName to set
 */
public void setUserName(String userName) {
    this.userName = userName;
}

/**
 * @return the password
 */
public String getPassword() {
    return password;
}

/**
 * @param password the password to set
 */
public void setPassword(String password) {
    this.password = password;
}
 }
Logout.java

   public class Logout {

     public Logout() {
       }

       public String execute() throws Exception {

     Map session = ActionContext.getContext().getSession();
     session.remove("logged-in");

    return "success";
}

}

logout.jsp

   <s:property value="userName"/>
     <s:property value="password"/>
    <s:url action="Logout.action" var="urlTag">

      </s:url>
      <s:a href="%{urlTag}">URL Tag Action (via %)</s:a>

拦截器logintest

  package interceptor;

    import action.Login;
    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;
    import java.util.Map;



 public class logintest implements Interceptor {

   public logintest() {
    }

public void destroy() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public void init() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public String intercept(ActionInvocation actionInvocation) throws Exception {
   Map<String, Object> session = ActionContext.getContext().getSession();

    // sb: feel free to change this to some other type of an object which
    // represents that the user is logged in. for this example, I am using
    // an integer which would probably represent a primary key that I would
    // look the user up by with Hibernate or some other mechanism.
    String userId = (String) session.get("logged-in");

    // sb: if the user is already signed-in, then let the request through.
    if (userId != null) {
        return actionInvocation.invoke();
    }

    Object action = actionInvocation.getAction();

    // sb: if the action doesn't require sign-in, then let it through.


    // sb: if this request does require login and the current action is
    // not the login action, then redirect the user
    if (!(action instanceof Login)) {
        return "loginRedirect";
    }

    // sb: they either requested the login page or are submitting their
    // login now, let it through
    return actionInvocation.invoke();

   }

}

在struts.xml

              <!DOCTYPE struts PUBLIC
     "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
         "http://struts.apache.org/dtds/struts-2.1.dtd">

 <struts>
      <!-- Configuration for the default package. -->
<package name="default" extends="struts-default">

    <interceptors>

        <interceptor name="logintest"
class="interceptor.logintest"></interceptor>

        <interceptor-stack name="newStack">
            <interceptor-ref name="logintest"/>
            <interceptor-ref name="defaultStack" />
        </interceptor-stack>
    </interceptors>
    <global-results  >
        <result name="loginRedirect" type="redirect" >/login.jsp</result>
    </global-results>
    <action class="action.Login" name="Login">
        <interceptor-ref name="newStack"></interceptor-ref>
        <result name="input">/login.jsp</result>

        <result name="success">/loginsuccess.jsp</result>

    </action>

    <action class="action.Logout" name="Logout">

        <interceptor-ref name="newStack"></interceptor-ref>

        <result name="success">/login.jsp</result>
    </action>
</package>

Answer 1

正如利维乌. 如上所述，该行为是由客户端的浏览器控制的。您最多可以做的就是在每次请求登录页面时发送无缓存和可能无存储的标头，以便浏览器不会存储这些标头，并且当用户按下回键时，浏览器必须重新请求该页面，这结果出现在登录页面。

您想要设置的特定标头是：

response.setHeader("Cache-Control", "no-cache, no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Vary", "*");