struts2 - 退出后避免访问历史记录

Question

我想创建一个登录页面，注销后我希望用户显示登录页面而不是上一页

如何防止用户在注销后返回上一页。
我已经清除了缓存....但是它通过按后退按钮用户将转到上一页。我想在注销用户按后退按钮后刷新并显示登录页面

    <s:form action="Login" >
    <s:textfield label="username" name="userName"/>
    <s:password label="password" name="password"/>
    <s:submit name="login" value="login"></s:submit>
    </s:form>

如何管理 session 。任何人都可以帮助我
登录.java

  package action;

 import com.opensymphony.xwork2.ActionSupport;


public class Login extends ActionSupport {

private String userName;
private String password;

public Login() {
}

@Override
  public String execute() {



  Map  session = ActionContext.getContext().getSession();
  session.put("logged-in","yes");
  return SUCCESS;


}
    @Override
       public void validate()
    {
    if(getUserName().length()==0)
    {
         addFieldError("userName", "User Name is required");
    }
   else if (!getUserName().equals("prerna"))
   {
       addFieldError("userName", "Invalid User");
   }

     if(getPassword().length()==0)
    {
         addFieldError("password", "password is required");
    }

     else   if (!getPassword().equals("prerna")) {
        addFieldError("password", getText("password.required"));
    }



   }


      public String getUserName() {
       return userName;
      }

/**
 * @param userName the userName to set
 */
public void setUserName(String userName) {
    this.userName = userName;
}

/**
 * @return the password
 */
public String getPassword() {
    return password;
}

/**
 * @param password the password to set
 */
public void setPassword(String password) {
    this.password = password;
}
 }
Logout.java

   public class Logout {

     public Logout() {
       }

       public String execute() throws Exception {

     Map session = ActionContext.getContext().getSession();
     session.remove("logged-in");

    return "success";
}

}

登出.jsp

   <s:property value="userName"/>
     <s:property value="password"/>
    <s:url action="Logout.action" var="urlTag">

      </s:url>
      <s:a href="%{urlTag}">URL Tag Action (via %)</s:a>

拦截器
登录测试

  package interceptor;

    import action.Login;
    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.Interceptor;
    import java.util.Map;



 public class logintest implements Interceptor {

   public logintest() {
    }

public void destroy() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public void init() {
    throw new UnsupportedOperationException("Not supported yet.");
}

public String intercept(ActionInvocation actionInvocation) throws Exception {
   Map<String, Object> session = ActionContext.getContext().getSession();

    // sb: feel free to change this to some other type of an object which
    // represents that the user is logged in. for this example, I am using
    // an integer which would probably represent a primary key that I would
    // look the user up by with Hibernate or some other mechanism.
    String userId = (String) session.get("logged-in");

    // sb: if the user is already signed-in, then let the request through.
    if (userId != null) {
        return actionInvocation.invoke();
    }

    Object action = actionInvocation.getAction();

    // sb: if the action doesn't require sign-in, then let it through.


    // sb: if this request does require login and the current action is
    // not the login action, then redirect the user
    if (!(action instanceof Login)) {
        return "loginRedirect";
    }

    // sb: they either requested the login page or are submitting their
    // login now, let it through
    return actionInvocation.invoke();

   }

}

struts.xml

              <!DOCTYPE struts PUBLIC
     "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
         "http://struts.apache.org/dtds/struts-2.1.dtd">

 <struts>
      <!-- Configuration for the default package. -->
<package name="default" extends="struts-default">

    <interceptors>

        <interceptor name="logintest"
class="interceptor.logintest"></interceptor>

        <interceptor-stack name="newStack">
            <interceptor-ref name="logintest"/>
            <interceptor-ref name="defaultStack" />
        </interceptor-stack>
    </interceptors>
    <global-results  >
        <result name="loginRedirect" type="redirect" >/login.jsp</result>
    </global-results>
    <action class="action.Login" name="Login">
        <interceptor-ref name="newStack"></interceptor-ref>
        <result name="input">/login.jsp</result>

        <result name="success">/loginsuccess.jsp</result>

    </action>

    <action class="action.Logout" name="Logout">

        <interceptor-ref name="newStack"></interceptor-ref>

        <result name="success">/login.jsp</result>
    </action>
</package>

Answer 1

作为利维。如前所述，该行为由客户端的浏览器控制。您最多可以做的是在每次请求登录页面时发送 no-cache 和可能的 no-store header ，以便浏览器不存储这些 header ，并且当用户按下回键时，浏览器必须重新请求该页面，这结果在登录页面。

您要设置的特定标题是:

response.setHeader("Cache-Control", "no-cache, no-store");
response.setDateHeader("Expires", 0);
response.setHeader("Vary", "*");