Killing a session in a servlet!!

 
Ranch Hand
Posts: 18944
In my logoff servlet, I have used session.invalidate().
But still, if I click the back button of the browser after logging out, it again takes me to the previous page and allows me to manipulate that page. Actually, it should not allow me to manipulate it.
Can anyone please help me regarding this?
Thanks,
Raj.
 
Ranch Hand
Posts: 1467
Raj,
I used a technique for proper authentication of users for a web application. Basically the logic I used is this.
1. In the servlet, first check if the Session object exists.
2. If it exists, check whether the session contains a special session object. This special object (here 'UserView') was already put there by our application when a user properly logged into the system.
Basically, if a user properly logs in, we create a viewbean object with members loginID and password and put it into memory (put in session with a name like 'userView', so that we can properly check back for the view bean object in session with the nameTag later, in any servlet). This CREATING NEW SESSION and putting a viewBean in session are done in the LoginServlet.
// sample code

3. If that special session object exists, give a GO-AHEAD. Further processing happens in the servlet.

4. If not, redirect the user to the login page or a 'notLoggedIn.html' page, and ask the user to PROPERLY LOGIN to the system. I use the 'forward' API instead of 'redirect' since this redirect doesn't work properly.

Raj,
I have given you an idea of how I have done it. I have written an authentication servlet and put it online in the wYou can check it online at http://www.webappcabaret.com/maha/
Try the following test cases in Maha's web application at the mentioned link
----------------------------
I have 2 users in the database.
1. loginId : 1000
password: maha
2. loginId :1001
password :anna

Test case 1 :
-------------
Login as 1000 with password maha
Try to login again
Logout
Test case 2 :
------------
Login as 1001 with password anna
Logout
Try logout again
Test case 3 :
------------
Try logout WITHOUT logging in first
Basically this system DOES NOT allow the user into the system without properly logging in. I used 2 servlets, some viewbeans, a JDBC-MySQL database, 2 JSP pages, 2 HTML pages, and the MVC (Model-View-Control) design pattern.
If you need further help I can send you the full source code in a Zip file.
regds
maha anna


[This message has been edited by maha anna (edited October 04, 2000).]
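
The check described in steps 1 to 4 above, written once as a servlet filter instead of in each servlet. This is an added example, not maha anna's code: it assumes the javax.servlet API (Servlet 2.3 or later) and takes the attribute name 'userView' and the page 'notLoggedIn.html' from the post. The class name LoginCheckFilter and the no-cache headers, which make the browser ask the server again when Back is pressed after logout, are additions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: map this filter (e.g. in web.xml) to every protected URL.
public class LoginCheckFilter implements Filter {
    // Attribute name from the post; LoginServlet stores the view bean under it.
    private static final String USER_ATTR = "userView";
    // Page named in step 4 of the post; the leading slash is an assumption.
    private static final String NOT_LOGGED_IN = "/notLoggedIn.html";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Tell the browser and proxies not to keep a copy, so Back after logout
        // has to ask the server again instead of showing a stored page.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        response.setDateHeader("Expires", 0);

        // Step 1: getSession(false) never creates a session. It returns only the
        // session bound to this request's own session ID, or null after invalidate().
        HttpSession session = request.getSession(false);

        // Step 2: look for the object that only a successful login puts there.
        Object userView = (session == null) ? null : session.getAttribute(USER_ATTR);

        if (userView != null) {
            chain.doFilter(request, response);      // Step 3: go ahead
        } else {
            // Step 4: forward, as in the post, to the "please log in" page.
            request.getRequestDispatcher(NOT_LOGGED_IN).forward(request, response);
        }
    }

    @Override
    public void destroy() { }
}
```

The logout servlet still calls session.invalidate(); after that, getSession(false) returns null for the old session ID and every protected request is forwarded to the login page.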
 
Anonymous
Ranch Hand
Posts: 18944
Maha,
I got the same question too. I don't quite get your reply. Could you please mail the source code to nerdsnow@hotmail.com so that I can try it out on my machine? Thanks!
 
Anonymous
Ranch Hand
Posts: 18944
Hi maha anna,
Thank you very much for your kind advice.
Can you send me the source code?
Thanks,
Raj.
 
Greenhorn
Posts: 8
Hello maha anna,
I am also working on a similar kind of project where I need to kill or invalidate a session variable at the logout page.
Please mail me the source code at alit_mohan@yahoo.com.
Regards and thanks in advance
- mohan
 
Ranch Hand
Posts: 254
Anna,
Would you please email me the source code for logout session tracking. Thanks
beksy98@yahoo.com
 
Ranch Hand
Posts: 73
Hi Maha,
I have done the session tracking part and it works fine, but I have a basic doubt. Here it goes.
Let's assume I write a complete web app. This app has 3 servlets and 4 JSP docs. Once the user logs in, the 1st servlet puts a session id into this session. The other servlets and JSP pages check for this id before they process any user request.
My question is: if two users log in at the same time, then the servlet will put two separate ids for both the users. Now my doubt is, when the rest of the servlets and JSP docs try to retrieve the id, how will they know which id is theirs? Will they not get confused? For my app, if this happens (I mean one user reading another user's id) it will be disastrous.
Please clear my doubt.
Thanks in advance.
Regards,
Subramanian
 