posted 17 years ago
Hi Santhana ,
The Page where you want the user to logout , does it terminate the session on that page ? i.e are you invalidating the session ? Because if the session timeout period has not got ended and the user just closes the browser , the server DOES NOT terminate the session and then someone again opens the same page the previous user was browsing , then he / she can definately see what the previous user was indeed seeing.
So , Its better to invalidate the session and forward the user to login page once session has expunged.
You can check the HttpSession interface for more details on this.
Yogendra Joshi.
Meri Zindagi Hain Tab Tak.. Jab Tak Tera Sahara.... Har Taraf Tu Hi Tu Hain SAI Tera Hi Hain Nazara.....