I have few question regarding session management: I am running Tomcat with Eclipse plugin.
1- Is there a way to tell the container not to start a user session automatically? When I call request.getSession(false) I always get a session??
2- When a user logout, I call session.invalidate() and forward to the login screen. If the user attempt to log in again, if I call session.isNew() it returns false. Isn't suppose to return true, because the original session is invalidated, and a new session is created?
3- FireFox issue: After a user logout, if I hit the browser back button few times, the session is reconstructed with the session objects inside of it. It doesn't happen with IE.
What I am trying to do is simple. When the user logout, I want to make the user unable to go back and access any pages.
SCJD 1.4<br />SCJP 1.4<br />-----------------------------------<br />"With regard to excellence, it is not enough to know, but we must try to have and use it.<br />" Aristotle