File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes logout problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "logout problem" Watch "logout problem" New topic
Author

logout problem

michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
Hi all, I have this weird problem.

After logging out from the page, and then I clicked the back button. It retrieves the previous page from cache. I have no complaints on that cause now the application is still in logoff status. But when i press the refresh/reload button a box come out with
"The page cannot be refresh without resending informtion. Click retry to resend info."
When i click retry i am automatically log back in and can go anywhere in the application. So how does one solve this problem?
Ali Gohar
Ranch Hand

Joined: Mar 18, 2004
Posts: 572
what mechanism you are using to log out the user?
As you described it seems that you are sending some information through html fields to the logout page.
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
At the logout page i done the following

HttpSession ses = request.getSession(true);
String pwd = (String)ses.getAttribute("userpwd");
String id = (String)ses.getAttribute("userid");
if (pwd!=null && id!=null){
ses.removeAttribute("userpwd");
ses.removeAttribute("userid");
}

what is the problem?
Gert Cuppens
Ranch Hand

Joined: Jul 13, 2003
Posts: 87
You should try a session.invalidate().
michael yue
Ranch Hand

Joined: Nov 20, 2003
Posts: 204
yeah i put invalidate but the problem still persist. Should i put code to clear the cache? or is this problem have to do with browsers only. Thanks

ses.removeAttribute("userpwd");
ses.removeAttribute("userid");
ses.invalidate();
Jeffrey Hunter
Ranch Hand

Joined: Apr 16, 2004
Posts: 305
Two possible solutions:
  • use response header directives to prevent caching
  • use a session attribute to check if the current user is a valid user

  • Of course, if you are concerned about unauthorized users accessing the page, preventing caching will not solve this problem. Use the session attribute to control access to your pages. So for instance, on each page, if the session attribute is null, this would mean the user has not followed the proper procedure of login, so you deny them access. Once a user has logged in successfully, you set the session attribute to some meaningful value (anything really, just so it's not null). And finally, as Gert stated, you should call session.invalidate() once the user logs out. This will clear the session attributes and therefore, if the user hits the back button, the session attribute will be null and hence the user will be denied access.
    Ali Gohar
    Ranch Hand

    Joined: Mar 18, 2004
    Posts: 572
    You can also use Filter Servlet to do that. See FilterServlet for detail.
    michael yue
    Ranch Hand

    Joined: Nov 20, 2003
    Posts: 204
    I think my problem could be due to frames. My page have 2 frames. When i logout the menu frame directed the main frame to go to logout but menu frame still remains and have not logout. So how can I solve this? Both my frames check whether got session.

    Thanks
    michael yue
    Ranch Hand

    Joined: Nov 20, 2003
    Posts: 204
    I think my problem now is logging off at 2 frames at once. One on the frame menu and the other the main menu. Anyone has this problem b4 or experience this situation? Thanks
    Gert Cuppens
    Ranch Hand

    Joined: Jul 13, 2003
    Posts: 87
    To prevent the caching of your JSP's, add the following code
    <%
    response.setHeader("Cache-Control","no-cache");
    response.setHeader("Expires", "0");
    response.setHeader("Pragma", "No-cache");
    response.addHeader("Cache-control", "no-store"); // tell proxy not to cache
    response.addHeader("Cache-control", "max-age=0"); // stale right away
    %>
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: logout problem