This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Tomcat session error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session error" Watch "Tomcat session error" New topic
Author

Tomcat session error

Elías Porfirio
Greenhorn

Joined: Jun 08, 2009
Posts: 4
Hello,

I am having a problem logging out of my web app. A user logs in from a jsp page, the request is forwarded to a login servlet that then redirected to a jsp page after authentication. This works well. The problem occurs when the user selects the remember me option on the login page and then tries to logout. On logging out cookies are deleted and the system seems to be logged out but if the user revisits the page that the system forwards to after login, they are logged in again (not by using the back button but by revisiting the page, it is not protected). If they visit any other page they are not logged back in. The bad part is whatever error causes this also causes all who visit the website to be logged in automatically as that user and they have the ability to update details and change passwords.

Any ideas on what could be causing this?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959
    
  19

I'm not sure you're really getting all your cookies deleted. In any event, you should be keeping the definitive login indicator on the server (in session data), not on the client. The standard logout technique is nothing but a session.invalidate() method call that discards the session and its associated data.

You've got a classic example of the "Western Movie Set Town" syndrome; which, ironically, I just described here.


Customer surveys are for companies who didn't pay proper attention to begin with.
Elías Porfirio
Greenhorn

Joined: Jun 08, 2009
Posts: 4
Thanks for the reply i believe i got the problem fixed. I had the cookie login code in a jsp that was included using <%@ include %> and i transferred it to servlet instead and included it using <jsp:include page="" flush="true" /> and now it works fine.
 
Don't get me started about those stupid light bulbs.
 
subject: Tomcat session error
 
Similar Threads
Session Management problem in Struts
how to make logout page?
Problem with session
Logging out problem in JSP
session handling problem