Servlet session: after logout, the secured page is shown again when the browser's back button is pressed

Updated: 2023-12-02 13:51:52

Your filter is setting the no-cache headers on the welcome.html only, not on the restricted pages. So whenever the browser requests any of those restricted pages via the back button, it will likely show the cached version. Your filter needs to set the no-cache headers on all restricted pages.

So, you need to change

    if (session == null || session.getAttribute("username") == null) {
        response.sendRedirect("welcome.html"); // No logged-in user found, so redirect to login page.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0);
    } else {
        chain.doFilter(req, res);
    }

to

    if (session == null || session.getAttribute("username") == null) {
        response.sendRedirect("welcome.html"); // No logged-in user found, so redirect to login page.
    } else {
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0);
        chain.doFilter(req, res);  
    }
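
To confirm the fix from the outside, the headers each restricted page returns can be audited. The following is an added example, not part of the original answer: it checks response headers for the three values the filter sets; the path `/home.jsp` and both header sets are constructed sample data.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

REQUIRED_DIRECTIVES = ("no-cache", "no-store", "must-revalidate")  # as set by the filter

def _expired(value):
    """True if an Expires value is in the past; an invalid date such as "0" counts as expired."""
    if value is None:
        return False
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def missing_no_cache_headers(headers):
    """List which of the filter's three headers a response lacks."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    directives = {d.split("=")[0].strip().lower()
                  for d in h.get("cache-control", "").split(",")}
    missing = ["Cache-Control: " + d for d in REQUIRED_DIRECTIVES if d not in directives]
    if "no-cache" not in h.get("pragma", "").lower():
        missing.append("Pragma: no-cache")
    if not _expired(h.get("expires")):
        missing.append("Expires in the past")
    return missing

def audit(responses, restricted):
    """Map each restricted path to its missing headers; an empty dict means every page is covered."""
    return {p: m for p in restricted if (m := missing_no_cache_headers(responses.get(p, {})))}

# Constructed sample data: headers a logged-in user would receive before and after the fix.
NO_CACHE = {"Cache-Control": "no-cache, no-store, must-revalidate",
            "Pragma": "no-cache", "Expires": "Thu, 01 Jan 1970 00:00:00 GMT"}
BEFORE = {"/welcome.html": NO_CACHE, "/home.jsp": {"Content-Type": "text/html"}}
AFTER = {"/welcome.html": NO_CACHE, "/home.jsp": dict(NO_CACHE, **{"Content-Type": "text/html"})}

if __name__ == "__main__":
    print("before:", audit(BEFORE, ["/home.jsp"]))  # restricted page lacks all three headers
    print("after: ", audit(AFTER, ["/home.jsp"]))   # nothing missing
```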