这是完美的。我使用以下来清除缓存。并且我在logout.jsp中使会话无效，单击它时会检查某个令牌属性（在用户登录时设置），如果找不到它，它会重定向到登录页面。

 <％

 response.setHeader（Cache-Control，no-cache ）; 
 response.setHeader（Cache-Control，no-store）; 
 response.setHeader（Pragma，no-cache）; 
 response.setDateHeader（Expires，0）; 
 if（session.getAttribute（token）== null）{
 response.sendRedirect（request.getContextPath（）+/LogOut.jsp）; 

} 
％> 
 

感谢您的建议。我一定会把它付诸行动。每一个帮助和建议表示赞赏。

I'm working on JSP. I know there are many posts regarding this topic but nothing is working for me. I have a login page which leads to a welcome page. The session is invalidated when the user clicks on logout and is then redirected to the login page. But if the user clicks the browsers back button he is again taken to the welcome page, although if he presses any other button or refreshes the page he will be taken to the login page because the session has expired. But I don't want the user to be able to access the welcome page by clicking the browsers back button once he's logged out. I tried using the following:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />

but it's not working.

I tried using:

window.history.forward(1);

it works fine, but it leads to another problem. If the user logs in and is taken to the welcome page. then the user presses a button let's say "show user details" and the user is taken to the "show user details" page. now if the user clicks the back button to go back to the welcome page. He stays on the same "show user details" page, because of the window.history.forward(1) on the welcome page.

I want that the user should be able to use the browsers back button if the session is valid. If the session is invalid he should not be able to use the browsers back button.

This is working perfectly. i used the following to clear the cache. and i'm invalidating the session in logout.jsp, when clicked, it checks for some token attribute (which is set when the user logs in), and if it doesn't find it, it redirects to the login page.

<%

response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", 0);
    if(session.getAttribute("token")==null){
    response.sendRedirect(request.getContextPath() + "/LogOut.jsp");

}
%>

thanks for the suggestion though. I will certainly put it into action. every help and suggestion is appreciated.