File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session management?

 
Hanna Habashy
Ranch Hand
Posts: 532
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have few question regarding session management:
I am running Tomcat with Eclipse plugin.

1- Is there a way to tell the container not to start a user session automatically?
When I call request.getSession(false) I always get a session??

2- When a user logout, I call session.invalidate() and forward to the login screen. If the user attempt to log in again, if I call session.isNew() it returns false.
Isn't suppose to return true, because the original session is invalidated, and a new session is created?

3- FireFox issue: After a user logout, if I hit the browser back button few times, the session is reconstructed with the session objects inside of it. It doesn't happen with IE.

What I am trying to do is simple. When the user logout, I want to make the user unable to go back and access any pages.

Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64182
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
See the bazillion topics that ask how to disable the back button. The all say the same thing:

1) disable caching on the pages
2) Employ the PRG pattern

With regards to sessions, I think you are over-thinking things. Let the container do as it will with sessions. It's almost always the right thing once you get the above set up.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic