
logout problem

 
michael yue
Ranch Hand
Posts: 204
Hi all, I have this weird problem.

After logging out from the page, I clicked the back button. It retrieves the previous page from cache. I have no complaints about that because the application is still in logoff status. But when I press the refresh/reload button a box comes up with
"The page cannot be refreshed without resending information. Click retry to resend info."
When I click retry I am automatically logged back in and can go anywhere in the application. So how does one solve this problem?
 
Ali Gohar
Ranch Hand
Posts: 572
What mechanism are you using to log out the user?
As you described it, it seems that you are sending some information through HTML fields to the logout page.
 
michael yue
Ranch Hand
Posts: 204
At the logout page I did the following:

HttpSession ses = request.getSession(true);
String pwd = (String) ses.getAttribute("userpwd");
String id = (String) ses.getAttribute("userid");
if (pwd != null && id != null) {
    ses.removeAttribute("userpwd");
    ses.removeAttribute("userid");
}

What is the problem?
 
Gert Cuppens
Ranch Hand
Posts: 87
You should try a session.invalidate().
 
michael yue
Ranch Hand
Posts: 204
Yeah, I put invalidate but the problem still persists. Should I put code to clear the cache? Or does this problem have to do with browsers only? Thanks

ses.removeAttribute("userpwd");
ses.removeAttribute("userid");
ses.invalidate();
 
Jeffrey Hunter
Ranch Hand
Posts: 305
Two possible solutions:
  • use response header directives to prevent caching
  • use a session attribute to check if the current user is a valid user

Of course, if you are concerned about unauthorized users accessing the page, preventing caching will not solve this problem. Use the session attribute to control access to your pages. So for instance, on each page, if the session attribute is null, this would mean the user has not followed the proper procedure of login, so you deny them access. Once a user has logged in successfully, you set the session attribute to some meaningful value (anything really, just so it's not null). And finally, as Gert stated, you should call session.invalidate() once the user logs out. This will clear the session attributes and therefore, if the user hits the back button, the session attribute will be null and hence the user will be denied access.
     
Ali Gohar
Ranch Hand
Posts: 572
You can also use Filter Servlet to do that. See FilterServlet for detail.
     
michael yue
Ranch Hand
Posts: 204
I think my problem could be due to frames. My page has 2 frames. When I log out, the menu frame directs the main frame to go to logout, but the menu frame still remains and has not logged out. So how can I solve this? Both my frames check whether there is a session.

Thanks
     
michael yue
Ranch Hand
Posts: 204
I think my problem now is logging off at 2 frames at once. One on the frame menu and the other the main menu. Has anyone had this problem before or experienced this situation? Thanks
     
Gert Cuppens
Ranch Hand
Posts: 87
To prevent the caching of your JSPs, add the following code:
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Expires", "0");
response.setHeader("Pragma", "No-cache");
response.addHeader("Cache-control", "no-store"); // tell proxy not to cache
response.addHeader("Cache-control", "max-age=0"); // stale right away
%>
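
The session-attribute check, the Filter and the cache headers suggested in the replies above, combined into one servlet Filter. This is an added example, not code posted by anyone in the thread. The class name AuthFilter, the /login.jsp path and the logout helper are assumptions; "userid" is the attribute name from the original post, and the javax.servlet API is assumed.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: map it in web.xml to the protected pages only
// (both frames, but not the login page, or the redirect below would loop).
public class AuthFilter implements Filter {
    static final String USER_ATTR = "userid"; // attribute name used in the thread

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Keep browsers and proxies from storing protected pages,
        // so the Back button has to re-request them from the server.
        res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
        res.setHeader("Pragma", "no-cache"); // for HTTP/1.0 caches
        res.setDateHeader("Expires", 0);

        // getSession(false) never creates a session: after invalidate()
        // it returns null, whereas getSession(true) would hand back a new one.
        HttpSession ses = req.getSession(false);
        if (ses == null || ses.getAttribute(USER_ATTR) == null) {
            res.sendRedirect(req.getContextPath() + "/login.jsp"); // assumed login page
            return; // do not run the protected page
        }
        chain.doFilter(req, res);
    }

    // Logout helper, to be called from the logout servlet or JSP.
    public static void logout(HttpServletRequest req) {
        HttpSession ses = req.getSession(false);
        if (ses != null) {
            ses.invalidate(); // drops every attribute in one step
        }
    }
}
```

Because the check runs on every mapped request, a menu frame left on screen after logout is denied on its next request just like the main frame.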
     