wood burning stoves 2.0*
The moose likes JSF and the fly likes Invalidating session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Invalidating session" Watch "Invalidating session" New topic
Author

Invalidating session

Venkata
Ranch Hand

Joined: Sep 07, 2007
Posts: 37
Hi All

In every page of my JSF application i have logout hyper link and in my logout bean i am invalidating the session and clearing the response header using

session.invalidate();
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);

if i click tha back button of browser still takes me to my previous page but it doen't allow any action since i already removed the session scoped beans.dio i need to remove the history using java script?

is there any other best way of achieving this?

Thanks in advance
Ven
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
hi,
I am also facing the same problem,i have used session.invalidate() but when i click the back button it navigates back to earlier page.
Check the session value after invalidation.It should be null, but in my case it's not coming null!!
Also if you can post your login code,that would be of great help.
thanks in advance.


excuse me...while i kiss the sky.
Venkata
Ranch Hand

Joined: Sep 07, 2007
Posts: 37
Hi ,

I have seen your posting and you got the answer it seems.

My case was different. In my application i need to support the back button facility to the users as long as they are in session and valid session. If they timed out or logged out webseal should have to logout them and they should be access the application until they login again. But there is problem of browsing the history pages using back button, even they can not do any action on it....I acheived tha task using 'pkmslogout ' command appending to my URL.But want to prevent the backbutton as well once they logged out or timed out.I don't know how to do it? just clearing the header information in the session won't do any good, i think.


Any ideas???

Thanks
Ven
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
in that case...when you ask the user to login..u should navigate him to a new page with no standard buttons available in it.this may sound creepy but it's a safer method.since there will be no such buttons like BACK, FORWARD etc. then there is no need to bother about that.
example of this type of login action is this website:
indusind website
click on login and observe the new page that pops up!
A. Dusi
Ranch Hand

Joined: Sep 27, 2004
Posts: 114
in that case...when you ask the user to login..u should navigate him to a new page with no standard buttons available in it.


What if the user right clicks and chooses to open in new tab or new window?
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
@ DUSI

in such type of applications care is taken for the options that come under right click menu.e.g 'open link in new tab' or 'new window' is not provided there.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Invalidating session