wood burning stoves 2.0*
The moose likes Tomcat and the fly likes Tomcat session error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session error" Watch "Tomcat session error" New topic
Author

Tomcat session error

Elías Porfirio
Greenhorn

Joined: Jun 08, 2009
Posts: 4
Hello,

I am having a problem logging out of my web app. A user logs in from a jsp page, the request is forwarded to a login servlet that then redirected to a jsp page after authentication. This works well. The problem occurs when the user selects the remember me option on the login page and then tries to logout. On logging out cookies are deleted and the system seems to be logged out but if the user revisits the page that the system forwards to after login, they are logged in again (not by using the back button but by revisiting the page, it is not protected). If they visit any other page they are not logged back in. The bad part is whatever error causes this also causes all who visit the website to be logged in automatically as that user and they have the ability to update details and change passwords.

Any ideas on what could be causing this?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15950
    
  19

I'm not sure you're really getting all your cookies deleted. In any event, you should be keeping the definitive login indicator on the server (in session data), not on the client. The standard logout technique is nothing but a session.invalidate() method call that discards the session and its associated data.

You've got a classic example of the "Western Movie Set Town" syndrome; which, ironically, I just described here.


Customer surveys are for companies who didn't pay proper attention to begin with.
Elías Porfirio
Greenhorn

Joined: Jun 08, 2009
Posts: 4
Thanks for the reply i believe i got the problem fixed. I had the cookie login code in a jsp that was included using <%@ include %> and i transferred it to servlet instead and included it using <jsp:include page="" flush="true" /> and now it works fine.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat session error
 
Similar Threads
Problem with session
Logging out problem in JSP
session handling problem
Session Management problem in Struts
how to make logout page?