In Java web projects, the "back" button is used to prevent users from returning to the page before logout

Implementation method: clear the cache in the Action


<c:if test="${!empty sessionScope.user}">
     <li><a href="#"> welcome: ${sessionscope. User. Username}</a></li>
     <li><a href="${pageContext.request.contextPath}/user/exit"target="_parent">Exit the system</a></li>


    public String exit(){
        HttpSession session = ServletActionContext.getRequest().getSession();
        return "exitOk";


<action name="exit" class="com.tjcu.action.UserAction" method="exit">
    <result name="exitOk" type="redirect">/login.jsp</result>

Although this clears the session and returns to the login page, if you click the back button of the browser, you will return to the previous page. This is because the back of the browser uses the local cache. After improvement:

Create a new NoCacheFilter class:

package com.tjcu.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class noCacheFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {


    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse hsr = (HttpServletResponse) res;
        hsr.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        hsr.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        Expiree The entity header field gives the date and time when the response expires  HTTP1.1 Clients and caches must treat other illegal date formats (including 0) as expired
        hsr.setDateHeader("Expires", 0); // Proxies.
        chain.doFilter(req, res);

    public void destroy() {




*. jsp means that noCacheFilter is used to filter any jsp page, which can be changed according to the actual situation

Http message header includes ordinary header, request header, response header and entity header

The cache control in the normal header is used to specify cache instructions, which are unidirectional and independent

The cache instruction in the response does not necessarily exist in the request. The cache instruction of one message will not affect the cache mechanism of another message processing

Cache instruction at request: no cache / no store / max age / max state / min fresh / only if cached

Cache instruction in response: public / private / no cache / no store / no transform / must revalidate / proxy revalidate / max age / s-maxage

The instructions in each message have the following meanings:

public indicates that the response can be cached by any cache
private indicates that the whole or part of the response message for a single user cannot be processed by the shared cache. This allows the server to describe only part of the user's response message, which is invalid for requests from other users
No cache indicates that request or response messages cannot be cached
No store is used to prevent important information from being published unintentionally. Sending in the request message will make the request and response messages do not use cache

expires is a property of response, which can set the time when the page is saved in the browser's cache

It expires after the set time expires. If you browse the page again after the expiration, you need to re request the service area to send page data

If you visit this page again within the specified time, you can read it directly from the cache

*The time number can be brought into the request of the front-end verification code. Each click will be regarded as a new request

<!-- Verification Code -->
<img class="code" src="code" onclick="this.src='code?d=' + new Date()">

Tags: Java Front-end filter

Posted on Fri, 12 Nov 2021 05:13:41 -0500 by keeve