Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session management?

 
Hanna Habashy
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have few question regarding session management:
I am running Tomcat with Eclipse plugin.

1- Is there a way to tell the container not to start a user session automatically?
When I call request.getSession(false) I always get a session??

2- When a user logout, I call session.invalidate() and forward to the login screen. If the user attempt to log in again, if I call session.isNew() it returns false.
Isn't suppose to return true, because the original session is invalidated, and a new session is created?

3- FireFox issue: After a user logout, if I hit the browser back button few times, the session is reconstructed with the session objects inside of it. It doesn't happen with IE.

What I am trying to do is simple. When the user logout, I want to make the user unable to go back and access any pages.

Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64712
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
See the bazillion topics that ask how to disable the back button. The all say the same thing:

1) disable caching on the pages
2) Employ the PRG pattern

With regards to sessions, I think you are over-thinking things. Let the container do as it will with sessions. It's almost always the right thing once you get the above set up.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic