This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session tracking Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session tracking" Watch "Session tracking" New topic
Author

Session tracking

Kitty Dayal
Ranch Hand

Joined: Jul 22, 2004
Posts: 89
Hi all,
I am tring to try and figure out how session tracking work's in servlets.
I will post the code and would appreciate the guru's to let me know if there is a better way of tracking user session's. Also I have one problem with my current code, when i click the back button on the browser i still see the secured webpage even though i have invalidated my session. Thanks for your replies...
index.jsp page(login page)


Login servlet code.

welcome.java code

Logoff.java code


the problem is when the user uses the back button, he can still see the contents on the welcome page? Thanks!
-Kitz
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hello,

I think the page is cached in the browser therfore it is showing the page. I am not sure but the problem can be sloved by adding the following two lines to set the cache control while sending the response.

response.setHeader("Cache-control","no-cache"); //HTTP 1.1
response.setHeader("pragma","no-cache");

Alternatively, you can use the "no-store" value in above lines instead of "no-cache". This value will not store the page in browser temporary directory.

Thank you.


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Bharat Roy
Ranch Hand

Joined: Jul 01, 2004
Posts: 156
Originally posted by Narendra Dhande:
Hello,

I think the page is cached in the browser therfore it is showing the page. I am not sure but the problem can be sloved by adding the following two lines to set the cache control while sending the response.

response.setHeader("Cache-control","no-cache"); //HTTP 1.1
response.setHeader("pragma","no-cache");

Alternatively, you can use the "no-store" value in above lines instead of "no-cache". This value will not store the page in browser temporary directory.

Thank you.

Hi Narendra,

Setting those headers definitely worked, but after Refreshing that "expired page" the contents did come back. How to stop the browser to RE-send the contents back to the server after the page has expired.

Thanks.
 
 
subject: Session tracking
 
Similar Threads
Servlet API 2.2
response.sendRedirect not working
Killing session when closing the browser
whilst fooling around with SessionId and cookies...
problem executing the servlet