Hi All, I have recently started working on JSF and i am using Oracle ADF component libraires. I am facing little problem with maintaining HttpSession.Although it might be very trivial one but i wod appreciate if i can be helped out on this. I am using a JSF JSP page for user authentication and there i am creating a HttpSession with following code: ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext(); HttpServletRequest request = (HttpServletRequest)ectx.getRequest(); HttpSession session = request.getSession(true);
session is created by the code and that's working fine. for logging out i am using the following code:
Now session does get invalidated but when i click on the "back" button of the browser, it takes me back to the page from where i had logged out.This is one part of problem.Ideally when we have logged out, clicking the back button should display "page cannot be displayed" since page is being rendered by the server, and since session is being invalidated then it shud not take the user back to the page. Also when we do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().
It is the browser cache issue. The solution is to set some Http headers not to cache the page on the browser and always get it from the server. I never did this, but think you could use a PhaseListener...
Joined: Aug 23, 2007
Hi all Thanks for the answers. One thing is still occupying my mind and that is: when i do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().
//code System.out.println(session.toString()); // value 1 session.invalidate(); System.out.println(session.toString()); // value 1 is also displayed here..why so??
Calling the invalidate() method on an HttpSession object will just invalidate that session but it won't certainly destroy that object (neither change the local reference - your 'session' variable - to point to 'null'... this is still java, remember).
Once a session is not longer valid (you called its invalidate() method or it simply timed-out), calling some of its methods will throw an IllegalStateException (like calling getCreationTime(), getAttribute(), getValue(), etc.). Take a look at the javadocs to get to know what you cannot do with an invalidated method.
If this explanation is not clear for you (I know I tend to be cryptic sometimes), please ask again.
Thanks for the help.I think i got your point.So now it seems that since session is getting invalidated, then I have to delete cache in the browser. I think that will do it.I will get back if i am successful!!
Joined: Aug 23, 2007
Well now that I am sure that session is getting invalidated, it has not solved my problem at all.I click back button after logging out and it takes me back to previous page which is not rendered from the server but from the browser cache.I deleted all cookies but that's not helping. Also someone in the forum told me "to set some Http headers and not to cache the page on the browser and always get it from the server".Can anyone please tell me how to do that!!