File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Logout Problem - Session related Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Logout Problem - Session related" Watch "Logout Problem - Session related" New topic

Logout Problem - Session related

Vaibhav Sharma

Joined: Mar 28, 2008
Posts: 14
I am facing some problem in session handling. Actually, when a user clicks on logout link, he is taken to logout.jsp where the session is invalidated. and if he uses browsers back button 2 to 3 times he reaches on the previous page.
After refreshing the window 2-3 times, browser asks for resending the POST data and maintains the session again.How can i control the user from going back to the previous page? Please help me out...

I hope my problem is clear.I want to stop user from regaining the access after logout.What procedure shall i use ?

SCJP 1.4 <br />SCWCD 5.0
Amol Fuke
Ranch Hand

Joined: Apr 08, 2005
Posts: 129
Vaibhav ,

On every page , check if session is valid.If it is not valid , forward/send it to logout.jsp


"There are no mistakes, only lessons"
Vaibhav Sharma

Joined: Mar 28, 2008
Posts: 14
It seems that you have not understood my question properly. What you are saying is one aspect of it, which i understood very well.
But my problem is one step ahead of what you are thinking of ?
In my case, if i somehow goes back to the page using browser back button, which eventually contains some postdata, then browser asks us to resend the post data and hence again maintains the session.
Kunal Jag
Ranch Hand

Joined: Jun 08, 2008
Posts: 31
On every page , check if session is valid.If it is not valid , forward/send it to logout.jsp

If you call the HttpServletRequest.getSession(false) method and the method returns null, then the user does not have a valid session; the container considers this to be the first request and she must be redirected to the login page.

Kunal Jaggi<br />Author of <a href="" target="_blank" rel="nofollow">"SCWCD Exam Guide"</a>, SCWCD 5 (exam 310-083 and 310-084), <a href="" target="_blank" rel="nofollow">McGraw-Hill</a><br /><a href="" target="_blank" rel="nofollow"></a><br /><a href="" target="_blank" rel="nofollow"></a>
Pham Hoai Van

Joined: May 20, 2008
Posts: 15
you need some javascript skill. Clear browsing history when reach logout page, user will have no chance to turn back.
I agree. Here's the link:
subject: Logout Problem - Session related
It's not a secret anymore!