I have a problem in the security of the code, I have simplified it to make it clearer:
<form name="formconf" action="hola.jsp" method="POST">
<input type="text" name="txtname" value="">
<input type="submit" value="Enviar" id="idbtnsend" name="btnsend" >
</form>
hola.jsp
<%
String saludo = request.getParameter("txtname");
session.setAtribute("login",request.getParameter("txtname"));
%>
<h1>Hola<%=saludo %></h1>
<a href="chat.jsp">continuar</a>
chat.jsp
<%
if(session.getAtribute("login")!=null){
out.println("Entro porque existe");
}else{
out.println("No estás logueado");
}
%>
<a href="desconectarse.jsp">Desconectarse</a>
desconectarse.jsp
<%
session.setAtribute("login",null);
[
responsive.setredirect(index.jsp);
]
[
<a href="index.jsp">volver al index</a>
]
%>
Then when it gives to disconnect it puts the variable login to null. When you try to access chat.jsp through the browser bar, it does fine because it is null. BUT if it gives back with the arrows of the browser CAN ACCESS and should not because it is null ... what I do ??