GeeCON Prague 2014*
The moose likes Servlets and the fly likes need help implementing logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "need help implementing logout" Watch "need help implementing logout" New topic
Author

need help implementing logout

kwame Iwegbue
Ranch Hand

Joined: Sep 02, 2000
Posts: 197
After logging out of my application, clicking the back arrow sends the user to the previous page, but the user remains locked out. However when you get to a page that contains a form, you're presented with a dialog box that essentially re-posts the login data! How can I over ride this. I thought I had all the bases covered with the code below:


Clicking 'log out' on my application, the following code is called:



...and in the JSPs, I have this in the header:



Who dares, wins! (SAS motto)
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3710
    
    5

You could implement a more complex session management system that creates a database entry for each active session. You could also choose to instead of invalidating the session, setting a 'disabled' flag.

There's probably some other 'cleaner' approaches although having a table that manages active sessions can be useful for tracking and management.


My Blog: Down Home Country Coding with Scott Selikoff
kwame Iwegbue
Ranch Hand

Joined: Sep 02, 2000
Posts: 197
Thank you for your prompt reply Scott.

You could implement a more complex session management system that creates a database entry for each active session.


How would this work? do I save a session_id to the database and compare with each new login?
reddy yeruva
Greenhorn

Joined: Oct 18, 2006
Posts: 18
i can suggest a simple javascript approach

in the logout.jsp page

after the form tage place in javascript as follows

window.history.forward(1);

so when ever you press the back page it will forward the login.jsp page.


Y.Tirupati Reddy<br />reddy.yeruva@gmail.com
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Try disabling the browser cache.Probably the pages getting fetched from the cache.And in the header of every page add session check.If the user is not authinticated then redirect to the login page.To disable the browser , you can use meta-link in the head tag of each of the html's.


Rahul Bhattacharjee
LinkedIn - Blog
Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1510
Unless you are certain no user will be accesing with an older browser, you may want to add the folowing to your JSPs.

response.setHeader("Pragma", "no-cache");


Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
vishwanath nadimpally
Ranch Hand

Joined: Jan 25, 2005
Posts: 116
This is a nice article on how to fix the logout problem. http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html
 
GeeCON Prague 2014
 
subject: need help implementing logout