| Author |
Session management?
|
Hanna Habashy
Ranch Hand
Joined: Aug 20, 2003
Posts: 532
|
|
I have few question regarding session management:
I am running Tomcat with Eclipse plugin.
1- Is there a way to tell the container not to start a user session automatically?
When I call request.getSession(false) I always get a session??
2- When a user logout, I call session.invalidate() and forward to the login screen. If the user attempt to log in again, if I call session.isNew() it returns false.
Isn't suppose to return true, because the original session is invalidated, and a new session is created?
3- FireFox issue: After a user logout, if I hit the browser back button few times, the session is reconstructed with the session objects inside of it. It doesn't happen with IE.
What I am trying to do is simple. When the user logout, I want to make the user unable to go back and access any pages.
Thanks
|
SCJD 1.4<br />SCJP 1.4<br />-----------------------------------<br />"With regard to excellence, it is not enough to know, but we must try to have and use it.<br />" Aristotle
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56179
|
|
See the bazillion topics that ask how to disable the back button. The all say the same thing:
1) disable caching on the pages
2) Employ the PRG pattern
With regards to sessions, I think you are over-thinking things. Let the container do as it will with sessions. It's almost always the right thing once you get the above set up.
|
[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
|
|
 |
|
|
subject: Session management?
|
|
|
0
