| Author |
logout problem
|
michael yue
Ranch Hand
Joined: Nov 20, 2003
Posts: 204
|
|
Hi all, I have this weird problem.
After logging out from the page, and then I clicked the back button. It retrieves the previous page from cache. I have no complaints on that cause now the application is still in logoff status. But when i press the refresh/reload button a box come out with
"The page cannot be refresh without resending informtion. Click retry to resend info."
When i click retry i am automatically log back in and can go anywhere in the application. So how does one solve this problem?
|
 |
Ali Gohar
Ranch Hand
Joined: Mar 18, 2004
Posts: 572
|
|
what mechanism you are using to log out the user?
As you described it seems that you are sending some information through html fields to the logout page.
|
|
michael yue
Ranch Hand
Joined: Nov 20, 2003
Posts: 204
|
|
At the logout page i done the following
HttpSession ses = request.getSession(true);
String pwd = (String)ses.getAttribute("userpwd");
String id = (String)ses.getAttribute("userid");
if (pwd!=null && id!=null){
ses.removeAttribute("userpwd");
ses.removeAttribute("userid");
}
what is the problem?
|
|
Gert Cuppens
Ranch Hand
Joined: Jul 13, 2003
Posts: 87
|
|
|
You should try a session.invalidate().
|
|
michael yue
Ranch Hand
Joined: Nov 20, 2003
Posts: 204
|
|
yeah i put invalidate but the problem still persist. Should i put code to clear the cache? or is this problem have to do with browsers only. Thanks
ses.removeAttribute("userpwd");
ses.removeAttribute("userid");
ses.invalidate();
|
|
Jeffrey Hunter
Ranch Hand
Joined: Apr 16, 2004
Posts: 305
|
|
Two possible solutions:
use response header directives to prevent cachinguse a session attribute to check if the current user is a valid user
Of course, if you are concerned about unauthorized users accessing the page, preventing caching will not solve this problem. Use the session attribute to control access to your pages. So for instance, on each page, if the session attribute is null, this would mean the user has not followed the proper procedure of login, so you deny them access. Once a user has logged in successfully, you set the session attribute to some meaningful value (anything really, just so it's not null). And finally, as Gert stated, you should call session.invalidate() once the user logs out. This will clear the session attributes and therefore, if the user hits the back button, the session attribute will be null and hence the user will be denied access.
|
|
Ali Gohar
Ranch Hand
Joined: Mar 18, 2004
Posts: 572
|
|
|
You can also use Filter Servlet to do that. See FilterServlet for detail.
|
|
michael yue
Ranch Hand
Joined: Nov 20, 2003
Posts: 204
|
|
I think my problem could be due to frames. My page have 2 frames. When i logout the menu frame directed the main frame to go to logout but menu frame still remains and have not logout. So how can I solve this? Both my frames check whether got session.
Thanks
|
|
michael yue
Ranch Hand
Joined: Nov 20, 2003
Posts: 204
|
|
|
I think my problem now is logging off at 2 frames at once. One on the frame menu and the other the main menu. Anyone has this problem b4 or experience this situation? Thanks
|
|
Gert Cuppens
Ranch Hand
Joined: Jul 13, 2003
Posts: 87
|
|
To prevent the caching of your JSP's, add the following code
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Expires", "0");
response.setHeader("Pragma", "No-cache");
response.addHeader("Cache-control", "no-store"); // tell proxy not to cache
response.addHeader("Cache-control", "max-age=0"); // stale right away
%>
|
|
 |
|
|
subject: logout problem
|
|
|
0
