servlets - session.invalidate method is reloading the same page on back button -

this question has answer here:

• prevent user seeing visited secured page after logout 5 answers

in project using httpsession maintaining user state. when hit link logout servlet , logs out if press button reloads profile page again.

logoutservlet.java

httpsession session=request.getsession(false); session.invalidate(); response.sendredirect("index.html"); 

loginservlet.java

    httpsession session=request.getsession();     session.setattribute("username",u); 

i can imagine 3 possible causes :

• you using single sign on system (something cas) , automatically reconnected when close session => in case explictely disconnect sso (not common problem)
• the button of browser shows cached version of page. can confirm asking full refresh of page - ctrl-f5 find more references on wikipedia => in case cannot more except controlling configuration of cache on browser , caching parameters of page (http header expire)
• the url contains reference user , publicly accessible : display normal => if not want that, should make page accessible logged on users.