File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Logoff button - what to do? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Logoff button - what to do?" Watch "Logoff button - what to do?" New topic
Author

Logoff button - what to do?

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Hi,

What activities should be happen on Logoff button click???

1] Deleting session...

Please comments...

Thanks.

Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Whatever you want it to do. You don't necessarily have to delete the whole session. But you can if you want. I've done several different things on different web applications. I don't think there are definative answers to this, though there might be similar actions done in various scenerios.

What activities do you think should happen on logoff?


GenRocket - Experts at Building Test Data
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Gregg Bolinger:


What activities do you think should happen on logoff?


Removing everything from memory that we stored at the time of login... :roll:
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
I am deleting session on logoff button...

But it is not working the way it should be, I mean, user is still able to go on his page with back button... I am not able to prevent this...

Please suggest some way...

Thanks.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

I think it was something about setting http headers "Expires" to 0 and "Cache-Control" to "no-cache".


[My Blog]
All roads lead to JavaRanch
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Satou kurinosuke:
I think it was something about setting http headers "Expires" to 0 and "Cache-Control" to "no-cache".


Could you please explain this with little code.

Thanks.

David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

search the forum fo 'no cache'. If you include the correct instructions telling the browser not to cache the page, it won't. If the user logs out and tries the back button, the browser will re-request the page and be denied by the server.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

like this
Stuart Ash
Ranch Hand

Joined: Oct 07, 2005
Posts: 637
Originally posted by rathi ji:
Hi,

What activities should be happen on Logoff button click???

1] Deleting session...

Please comments...

Thanks.




The lights must go off, the shutters must go down, the traffic must halt, people must freeze, and the rotation of the earth must come to a grinding halt!!!



Make sure, these are all implemented.


At the syntax level,

1. Delete the session
2. Make the previous pages ungobackable (the cache thing)
3. Offer to close the window, or take the user back to the login page.
4. Take a coffee break and drink some mint tea.


ASCII silly question, Get a silly ANSI.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

What activities should be happen on Logoff button click???

I've pointed this out a few times but it is always worth being aware of: while many containers use the session id to track users after they have logged in, authentication and session tracking are not the same thing.

Removing the user session is not always enough to log the user out. The example I usually give is with Websphere - it uses it's own encrypted cookie to maintain authentication details. If the session expires, the server gives them a new one but does not require them to log in again, so invalidating the session just means they get a new session, but you have not logged them off.

Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Logoff button - what to do?