wood burning stoves
The moose likes Servlets and the fly likes Session management? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session management?" Watch "Session management?" New topic

Session management?

Hanna Habashy
Ranch Hand

Joined: Aug 20, 2003
Posts: 532
I have few question regarding session management:
I am running Tomcat with Eclipse plugin.

1- Is there a way to tell the container not to start a user session automatically?
When I call request.getSession(false) I always get a session??

2- When a user logout, I call session.invalidate() and forward to the login screen. If the user attempt to log in again, if I call session.isNew() it returns false.
Isn't suppose to return true, because the original session is invalidated, and a new session is created?

3- FireFox issue: After a user logout, if I hit the browser back button few times, the session is reconstructed with the session objects inside of it. It doesn't happen with IE.

What I am trying to do is simple. When the user logout, I want to make the user unable to go back and access any pages.


SCJD 1.4<br />SCJP 1.4<br />-----------------------------------<br />"With regard to excellence, it is not enough to know, but we must try to have and use it.<br />" Aristotle
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63868

See the bazillion topics that ask how to disable the back button. The all say the same thing:

1) disable caching on the pages
2) Employ the PRG pattern

With regards to sessions, I think you are over-thinking things. Let the container do as it will with sessions. It's almost always the right thing once you get the above set up.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link: http://aspose.com/file-tools
subject: Session management?
It's not a secret anymore!