That way an invalidated session can be made visible to the user.

Regards, Silvio Bierman Maybe you should read Silvio's reply a little more closely.

Sex chat icq us - Invalidating session in struts

"Silvio Bierman" Invalidating a session is server-side logic, the back-button is purely client-side logic.

Those headers can be a combination of: Pragma=no-cache (for older browsers) Cache-control=no-store (a stricter version of no-cache) Expires=0 Setting these will prevent any non-deaf browser from showing cached content.

If you truly call session.invalidate(), then the session is gone. In first request I delete all attributes of a session and invalidate it.

Pressing the back button in your browser is simply pulling the page from your local cache, not making a new request. When I press back, in next request, I can access to the attributes of session.

Blocking Servlet.execute Request(Blocking at com.icesoft.faces.webapp.xmlhttp. Blocking Servlet.service(Blocking at javax. Http Servlet.service(Http at org.apache. Application Filter Chain.internal Do Filter(Application Filter at org.apache.

Application Filter Filter(Application Filter at org.apache.

Error Report Valve.invoke(Error Report at org.apache.

Standard Valve Context.invoke Next(Standard Valve at org.apache.

Standard Pipeline.invoke(Standard at org.apache. Standard Engine Valve.invoke(Standard Engine at org.apache.