This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes JSP and the fly likes Session handling in structs framework Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Session handling in structs framework" Watch "Session handling in structs framework" New topic
Author

Session handling in structs framework

Madmax
Greenhorn

Joined: Nov 13, 2002
Posts: 6
Hi All,
We are using session cookies to maintain user information. We have a 'Logout' button, when clicked will call session.invalidate(); method to close the session.
The question is if the user clicks on the back button and clicks on the logout button again, the server throws the following jasper exception.
Error:
javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj
javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj
at org.apache.struts.taglib.logic.CompareTagBase.condition(CompareTagBase.java:222)
at org.apache.struts.taglib.logic.EqualTag.condition(EqualTag.java:90)
at org.apache.struts.taglib.logic.ConditionalTagBase.doStartTag(ConditionalTagBase.java:218)
at org.apache.jsp.plainHeader_jsp._jspx_meth_logic_equal_0(plainHeader_jsp.java:127)
at org.apache.jsp.plainHeader_jsp._jspService(plainHeader_jsp.java:87)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
We are using struts framework. The web.xml has a listener class which has the session object. How do we make changes for it to recognise the session is invalid and redirect to ./login.jsp?
web.xml content:
<listener>
<listener-class>
com.user.UserSessionObj
</listener-class>
</listener>
If anyone knows how to handle this, we would appreciate it.
Thanks in advance.
Madmax
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9044
    
  10
Hi Madmax,

Welcome to JavaRanch! Please adjust your display name to meet the JavaRanch Naming Policy.
You can change it here.

Thanks!


JavaBeginnersFaq
"Yesterday is history, tomorrow is a mystery, and today is a gift; that's why they call it the present." Eleanor Roosevelt
saager mhatre
Ranch Hand

Joined: Dec 20, 2000
Posts: 61
That's basically because you're trying to invalidate a session that doesn't exist (because you just invalidated it!). You need to expire your logout page so that it cannot be accessed by using the back button on the browser.
Ravi Kumar Ravuru
Ranch Hand

Joined: Apr 18, 2002
Posts: 176
Hello Madmax,
In each jsp page,check for the session object,if it is null,redirect the page to login.jsp.If the user clicks the back button,as the session value is null,it will be redirected to login page.Hope it may help u.
Ravi
 
Don't get me started about those stupid light bulbs.
 
subject: Session handling in structs framework