Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession using JSF

 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have recently started working on JSF and i am using Oracle ADF component libraires.
I am facing little problem with maintaining HttpSession.Although it might be very trivial one but i wod appreciate if i can be helped out on this.
I am using a JSF JSP page for user authentication and there i am creating a HttpSession with following code:
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpSession session = request.getSession(true);

session is created by the code and that's working fine.
for logging out i am using the following code:

ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
System.out.println(session.toString());
session.invalidate();

Now session does get invalidated but when i click on the "back" button of the browser, it takes me back to the page from where i had logged out.This is one part of problem.Ideally when we have logged out, clicking the back button should display "page cannot be displayed" since page is being rendered by the server, and since session is being invalidated then it shud not take the user back to the page.
Also when we do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().

Please help me out on this.
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Um, I think this is a browser issue. Because the Back button just displays the page that is in cache from the browser, it doesn't call back to the server.

Or am I wrong.

Mark
 
A. Dusi
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is the browser cache issue. The solution is to set some Http headers not to cache the page on the browser and always get it from the server.
I never did this, but think you could use a PhaseListener...
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all
Thanks for the answers.
One thing is still occupying my mind and that is: when i do session.invalidate(), does the session's value become null or not??Because i am printing session.toString() and it's giving same value as before session.invalidate().

//code
System.out.println(session.toString()); // value 1
session.invalidate();
System.out.println(session.toString()); // value 1 is also displayed here..why so??

Thanks in advance
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Um, not sure, and this is a guess again, but you are calling toString(), who says that the toString() implementation shows whether the session is valid or invalidated.

So while the session might be invalidated, the toString() might still print out the same thing.

Mark
 
Sergio Tridente
Ranch Hand
Posts: 329
Java Linux Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Calling the invalidate() method on an HttpSession object will just invalidate that session but it won't certainly destroy that object (neither change the local reference - your 'session' variable - to point to 'null'... this is still java, remember).

Once a session is not longer valid (you called its invalidate() method or it simply timed-out), calling some of its methods will throw an IllegalStateException (like calling getCreationTime(), getAttribute(), getValue(), etc.). Take a look at the javadocs to get to know what you cannot do with an invalidated method.

If this explanation is not clear for you (I know I tend to be cryptic sometimes), please ask again.
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Sergio Tridente

Thanks for the help.I think i got your point.So now it seems that since session is getting invalidated, then I have to delete cache in the browser.
I think that will do it.I will get back if i am successful!!
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

Well now that I am sure that session is getting invalidated, it has not solved my problem at all.I click back button after logging out and it takes me back to previous page which is not rendered from the server but from the browser cache.I deleted all cookies but that's not helping.
Also someone in the forum told me "to set some Http headers and not to cache the page on the browser and always get it from the server".Can anyone please tell me how to do that!!

Thanks in advance.
 
A. Dusi
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A PhaseListener should help. See this web page.
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@A Dusi

Thanks a bunch man....it worked fine.
 
Lee Mark
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
on that page adding that jar have not solved my problem.
is there any additional configuration needed?


anshul gupta wrote:@A Dusi

Thanks a bunch man....it worked fine.
 
Maneesh Godbole
Saloon Keeper
Posts: 11021
12
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"void void"
Please check your private messages for an important administrative matter.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic