This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Hi All, We are using session cookies to maintain user information. We have a 'Logout' button, when clicked will call session.invalidate(); method to close the session. The question is if the user clicks on the back button and clicks on the logout button again, the server throws the following jasper exception. Error: javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj javax.servlet.jsp.JspException: No bean found under attribute key UserSessionObj at org.apache.struts.taglib.logic.CompareTagBase.condition(CompareTagBase.java:222) at org.apache.struts.taglib.logic.EqualTag.condition(EqualTag.java:90) at org.apache.struts.taglib.logic.ConditionalTagBase.doStartTag(ConditionalTagBase.java:218) at org.apache.jsp.plainHeader_jsp._jspx_meth_logic_equal_0(plainHeader_jsp.java:127) at org.apache.jsp.plainHeader_jsp._jspService(plainHeader_jsp.java:87) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136) We are using struts framework. The web.xml has a listener class which has the session object. How do we make changes for it to recognise the session is invalid and redirect to ./login.jsp? web.xml content: <listener> <listener-class> com.user.UserSessionObj </listener-class> </listener> If anyone knows how to handle this, we would appreciate it. Thanks in advance. Madmax
That's basically because you're trying to invalidate a session that doesn't exist (because you just invalidated it!). You need to expire your logout page so that it cannot be accessed by using the back button on the browser.
Hello Madmax, In each jsp page,check for the session object,if it is null,redirect the page to login.jsp.If the user clicks the back button,as the session value is null,it will be redirected to login page.Hope it may help u. Ravi