This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JSF and the fly likes HttpSession using JSF Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "HttpSession using JSF" Watch "HttpSession using JSF" New topic
Author

HttpSession using JSF

anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
Hi All,
I have recently started working on JSF and i am using Oracle ADF component libraires.
I am facing little problem with maintaining HttpSession.Although it might be very trivial one but i wod appreciate if i can be helped out on this.
I am using a JSF JSP page for user authentication and there i am creating a HttpSession with following code:
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpSession session = request.getSession(true);

session is created by the code and that's working fine.
for logging out i am using the following code:

ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
System.out.println(session.toString());
session.invalidate();

Now session does get invalidated but when i click on the "back" button of the browser, it takes me back to the page from where i had logged out.This is one part of problem.Ideally when we have logged out, clicking the back button should display "page cannot be displayed" since page is being rendered by the server, and since session is being invalidated then it shud not take the user back to the page.
Also when we do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().

Please help me out on this.


excuse me...while i kiss the sky.
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Um, I think this is a browser issue. Because the Back button just displays the page that is in cache from the browser, it doesn't call back to the server.

Or am I wrong.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
A. Dusi
Ranch Hand

Joined: Sep 27, 2004
Posts: 114
It is the browser cache issue. The solution is to set some Http headers not to cache the page on the browser and always get it from the server.
I never did this, but think you could use a PhaseListener...
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
Hi all
Thanks for the answers.
One thing is still occupying my mind and that is: when i do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().

//code
System.out.println(session.toString()); // value 1
session.invalidate();
System.out.println(session.toString()); // value 1 is also displayed here..why so??

Thanks in advance
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Um, not sure, and this is a guess again, but you are calling toString(), who says that the toString() implementation shows whether the session is valid or invalidated.

So while the session might be invalidated, the toString() might still print out the same thing.

Mark
Sergio Tridente
Ranch Hand

Joined: Mar 22, 2007
Posts: 329

Hi,

Calling the invalidate() method on an HttpSession object will just invalidate that session but it won't certainly destroy that object (neither change the local reference - your 'session' variable - to point to 'null'... this is still java, remember).

Once a session is not longer valid (you called its invalidate() method or it simply timed-out), calling some of its methods will throw an IllegalStateException (like calling getCreationTime(), getAttribute(), getValue(), etc.). Take a look at the javadocs to get to know what you cannot do with an invalidated method.

If this explanation is not clear for you (I know I tend to be cryptic sometimes), please ask again.


SCJP 1.4 (88%) - SCJP 5.0 Upgrade (93%) - SCWCD 1.4 (97%) - SCBCD 5.0 (98%)
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
@Sergio Tridente

Thanks for the help.I think i got your point.So now it seems that since session is getting invalidated, then I have to delete cache in the browser.
I think that will do it.I will get back if i am successful!!
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
Hi all,

Well now that I am sure that session is getting invalidated, it has not solved my problem at all.I click back button after logging out and it takes me back to previous page which is not rendered from the server but from the browser cache.I deleted all cookies but that's not helping.
Also someone in the forum told me "to set some Http headers and not to cache the page on the browser and always get it from the server".Can anyone please tell me how to do that!!

Thanks in advance.
A. Dusi
Ranch Hand

Joined: Sep 27, 2004
Posts: 114
A PhaseListener should help. See this web page.
anshul gupta
Greenhorn

Joined: Aug 23, 2007
Posts: 11
@A Dusi

Thanks a bunch man....it worked fine.
Lee Mark
Ranch Hand

Joined: Mar 05, 2009
Posts: 46
on that page adding that jar have not solved my problem.
is there any additional configuration needed?


anshul gupta wrote:@A Dusi

Thanks a bunch man....it worked fine.
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10167
    
    8

"void void"
Please check your private messages for an important administrative matter.


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HttpSession using JSF
 
Similar Threads
Problem with Navigation in subview
how to invalidate existing session and create new session in jsf?
Logout in JSF with Security managed by Glassfish v3.1
After logout in JSF relogin withtout credentials possible
File downloading