aspose file tools*
The moose likes JSP and the fly likes Session problem or the browser problem? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Session problem or the browser problem?" Watch "Session problem or the browser problem?" New topic
Author

Session problem or the browser problem?

paoh adam
Greenhorn

Joined: May 26, 2006
Posts: 11
HI friends,
I developed a simple application which need user to login and logout.
The problems is when user logout and then he click the back button for more many time, he will get a message from the browser which is:

// Mozilla Firefox
The page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action from the form carried out (such as a search or online purchase) will be repeated. To resend the data, click OK. Otherwise, click Cancel.
//or in IE
Warning: Page has expired
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
To resubmit your information and view this Web page, click the Refresh button.


So if he click ok(Firefox)/Refresh(IE), then he will get back the page b4 login, and of cause it is not secure if the page previous contains an important data.

Actually, I refer this article as my guidance:
http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html

//this is some code in my logout.jsp


//all my jsp pages after login, I put


I have tried to print out the value of dbHost at logout.jsp, and I checked at my LogFile the value is null but then, after do a test by click the back button the value is the same like b4 logout.

When I did some searching I found this article by the same author
http://www.javaworld.com/javaworld/jw-10-2006/jw-1006-logout.html?page=1

But, it is a little bit difficult for me coz I totally don�t know about JSF and Stripe. Honestly, I am new in java.

So my dear friends, could you help me out or have any idea?
Thanks in advance for any hints
Regards
-paoh-
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

This happens any time you try to back into or refresh a page that was drawn in response to a request of type POST.
The simplest way to avoid this is not to draw pages in response to form posts.
The Post-Redirect-Get pattern solves this problem by redirecting to the response page after a post request.

Bear Bibault discusses this pattern in the following article:
http://www.javaranch.com/journal/200603/Journal200603.jsp#a5


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
paoh adam
Greenhorn

Joined: May 26, 2006
Posts: 11
Hi Ben,
I have read the article. So I tried to implement the PRG Technique to my application. But honestly, I not sure whether I am do it correctly or not...

To be concise on what I have done, below is the step I used during implemented this technique to my application:
1. I call my servlet page form a form. Example:

And sometimes I used jsp:forward.

2. I used this LoginAction as my Task Controller; then, after I did some processes here then I redirect it to another servlet page using this syntax:

But it got an error on it so I changed to a forward statement which is:


3. I used GetDatabase as my Page Controller, where it forward to jsp page using this syntax:


After I deployed, I can run this application (it can show the information) but it is still not solve the logout problem. If not a burden, could you (or any one) please tell me whether I�m doing it (PRG Technique/Servlet) right or not? And could you recommend/suggest me, any tutorial/web site that I can use this technique to solve the problem?

Thanks in advance for any hints
Regards
-paoh-
Rama Krishna Ghanta
Ranch Hand

Joined: Nov 20, 2006
Posts: 59
I used to have such problem long back. This is because, after a successful login we set some attributes in the session. These session objects are responsible for the pages to be displayed correctly. I hope you are passing some url parameters and these url parameters are from the session. The reason why you get the "Page Expired" is, after you logout and go back, the session objects will be null and the url parameters(which are the session objects) also will be null. After logout, all the session objects will be removed and thus you can't view the pages. When the session is null we normally forward the page to login page.Let me know if I am wrong.

Thanks,
Rama Krishna Ghanta


Ram...
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

...But it got an error on it so I changed to a forward statement which is:..


If you're forwarding, then you're not implementing PRG properly.
The key is to do a redirect which causes the browser to make a new GET request.

Find out what was causing the problem with sendRedirect.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I've just added a simple JSP example of the Post-Redirect-Pattern to the JspFaq.

http://faq.javaranch.com/view?PostRedirectGet
[ January 03, 2007: Message edited by: Ben Souther ]
paoh adam
Greenhorn

Joined: May 26, 2006
Posts: 11
Thanks Ben. The example you gave really help me a lots =)... After I did some changing to my codes by referring to the example, finally the logout problem was solved.

Refer to my previous post in this topic, I changed the step 2 with :


And each of my Page Controller (servlets), I add the code like below, and then I forward it to jsp page (same like step 3). If I did not put this code, it will show the server error message.


Let me know if I am doing it wrong. And also thanks to Rama for the information given =)...

Terima kasih->thank you
Regards
-paoh-
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session problem or the browser problem?
 
Similar Threads
macking backward button false in browser window
form being submitted twice
logout session
Logout problem
need help implementing logout