I have the requirement that the end user should not be able to go back to the restricted page after logout/sign out. But currently the end user is able to do that by the bro
*.jsp in Url Pattern won't work if you forward a page. Try to include your servlet too.. that will make your application secure from this back button problem.