• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session invalidate

 
Aravind Prasad
Ranch Hand
Posts: 265
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
dear ranchers,
I'm doing a program in JSP and MySQL After developing it completely, i've uploaded into the remote server (Linux OS). Now i'm testing the program.

I've 3 users at present
1) Super Admin
2) Admin
3) User

When I login with SuperAdmin, I can get the privilage of all the menus.
When i logout and login as admin / user, It is loging into superadmins' page.

I've invalidated the session in the logout link and also when the page is loading. But still experiencing the same problem in Internet explorer and not in Mozilla.

The end users are using Internet Explorer and hence i want to fix the problem.

Regards

Aravind Prasad
 
Deepak Bala
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is loging into superadmins' page.


Perhaps you are looking at a cached page ? It might also be that your logic could be at fault. I am not sure what you mean by logging into the super admin's page. What I picture here is, you have a page - welcome.jsp and some menus are available only for super admins ? Or do you have separate pages for users and the servlet redirection logic is at fault ?
 
Aravind Prasad
Ranch Hand
Posts: 265
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thankyou John for your reply.
let me explain the program..

There is a page called index.jsp.
There is a leftmenu where the permission to view the menu items is coming from the database. When a user don't have the permission to view the page it won't show that page also.

All the user details like - userid, firstname, lastname, main-menu setting, sub-menu setting, edit, delete permission is stored in the session.

So when i signout, i'm invalidating the session.but it is cached somewhere and when i login as another user it is bringing the one which i logged in before.. and when i press F5 key in the keyboard, it is showing the current user details.

Please help me to solve this.

regards

Aravind Prasad
 
Muhammad Saifuddin
Ranch Hand
Posts: 1324
Android Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
look inside the Jsp FAQs for preventing cache.

http://faq.javaranch.com/view?NoCacheHeaders
 
Aravind Prasad
Ranch Hand
Posts: 265
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Saif uddin,
Thanks for the reply. I tried to put this and it is also not working.. It is still giving me the same problem.

I put these code

response.setHeader( "Pragma", "no-cache" );
response.setHeader( "Cache-Control", "no-cache" );
response.setDateHeader( "Expires", 0 );

after the session.invalidate() it is not working.

May be you can tell me the correct place where i can add this piece of code for my program to be perfect.

Please advise me.

REgards

Aravind Prasad
 
Sunil Vasudevan
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please attach the piece of code that you use to identify the user role? If you are using session.invalidate(), it is unlikely that any value will be retrieved from the session object again. It is supposed to throw IllegalStateException if any method is called on an invalidated session.

It is possible that your code has a logical bug.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic