Bear Bibeault wrote: Why on earth would you want to expire the session just because the user refreshed the window?
I have seen some internet banking sites doing that. If you click on the refresh button/back button of the browser, a message is displayed saying that "because of security reasons back and refresh are disabled" and you will be automatically logged out of the site. I did not understand the reason for that though. Are back and refresh a threat to security in a secure web-app?