File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Session handling in structs framework Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Session handling in structs framework" Watch "Session handling in structs framework" New topic

Session handling in structs framework


Joined: Nov 13, 2002
Posts: 6
Hi All,
We are using session cookies to maintain user information. We have a 'Logout' button, when clicked will call session.invalidate(); method to close the session.
The question is if the user clicks on the back button and clicks on the logout button again, the server throws the following jasper exception.
javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj
javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj
at org.apache.struts.taglib.logic.CompareTagBase.condition(
at org.apache.struts.taglib.logic.EqualTag.condition(
at org.apache.struts.taglib.logic.ConditionalTagBase.doStartTag(
at org.apache.jsp.plainHeader_jsp._jspx_meth_logic_equal_0(
at org.apache.jsp.plainHeader_jsp._jspService(
at org.apache.jasper.runtime.HttpJspBase.service(
We are using struts framework. The web.xml has a listener class which has the session object. How do we make changes for it to recognise the session is invalid and redirect to ./login.jsp?
web.xml content:
If anyone knows how to handle this, we would appreciate it.
Thanks in advance.
Marilyn de Queiroz

Joined: Jul 22, 2000
Posts: 9059
Hi Madmax,

Welcome to JavaRanch! Please adjust your display name to meet the JavaRanch Naming Policy.
You can change it here.


"Yesterday is history, tomorrow is a mystery, and today is a gift; that's why they call it the present." Eleanor Roosevelt
saager mhatre
Ranch Hand

Joined: Dec 20, 2000
Posts: 61
That's basically because you're trying to invalidate a session that doesn't exist (because you just invalidated it!). You need to expire your logout page so that it cannot be accessed by using the back button on the browser.
Ravi Kumar Ravuru
Ranch Hand

Joined: Apr 18, 2002
Posts: 176
Hello Madmax,
In each jsp page,check for the session object,if it is null,redirect the page to login.jsp.If the user clicks the back button,as the session value is null,it will be redirected to login page.Hope it may help u.
I agree. Here's the link:
subject: Session handling in structs framework
It's not a secret anymore!