Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session invalidate

 
akhilesh tripathi
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I require this functionality wherein when the user clicks on the back button of the browser, the session is invalidated and an error page is shown. This should also happen when the user clicks on refresh.
I have seen some banking sites wherein this kind of functionality is implemented. Can anybody tell how could that be implemented?
A quick solution would be appreciated.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by akhilesh tripathi:
when the user clicks on the back button of the browser, the session is invalidated and an error page is shown. This should also happen when the user clicks on refresh.
I have seen some banking sites wherein this kind of functionality is implemented.



i think you can control the back button of the browser and refresh.. i do not think so...you can invalidate the session.

-------------------------------------------
because session is stored in server side
----------------------------------------------

in which banking website ,you find this functionality?
 
Amit Ghorpade
Bartender
Posts: 2854
10
Fedora Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi akhilesh tripathi welcome to Javaranch,
Is this a JSP question? please CarefullyChooseOneForum.
one of the moderators will move it to its proper place.

I think this can be done using Javascript, not sure.
 
akhilesh tripathi
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,
Is there any way to invalidate Session using Javascript.Any help is highly appreciated.
 
Rajkumar balakrishnan
Ranch Hand
Posts: 445
Android Eclipse IDE Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by akhilesh tripathi:
hi all,
Is there any way to invalidate Session using Javascript.Any help is highly appreciated.


I think there is no such way we can invalidate a session through JavaScript... If there is, then i am also awaiting for the reply
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no way to know that a page was loaded via the back button or refresh button.

You can invalidate a session with session.invalidate().
This is obviously done on the server.
If you want to initiate this from the client, use Javascript to make an AJAX call to the servlet or JSP that contains the invalidate() call.
 
Steve Luke
Bartender
Posts: 4181
21
IntelliJ IDE Java Python
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The first question was this:
when the user clicks on the back button of the browser, the session is invalidated and an error page is shown. This should also happen when the user clicks on refresh.


This has to come from a framework of user login. Example, user logs in and an object is placed in the session indicating they are logged in. When they logout that indicator is removed. Every URL has a Filter that checks if the login indicator is present, if it is, let the user go but if not send them to an error page. See JavaWorld's handling of this for more information.

The next question was:
Is there any way to invalidate Session using Javascript


To invalidate the session in javascript? No that has to be done on the server as has been described. But you can separated the current page from the session using javascript.

Normally sessions are tracked via cookies with a name of jsessionid. You can use JavaScript to delete that cookie which effectively separates the browser from the session.

Sessions may also be tracked via URL extra information, which would make it a harder thing to do but would still be possible by including an onload event that searches all links, actions, etc... for ;jsessionid= and removing it.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic