aspose file tools*
The moose likes JSF and the fly likes Expire session and show 'invalid session' page when user press browser's back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "Expire session and show Watch "Expire session and show New topic
Author

Expire session and show 'invalid session' page when user press browser's back button

Prince Lukose
Greenhorn

Joined: Nov 02, 2009
Posts: 3
Hi All,
My requirement is to invalidate session and show a 'session expiry' page whenever user press browser's back button. I am using JSF and richfaces for building web pages.

Could anyone suggest a way to resolve this issue please?

Francis
Rajiv Putuval
Greenhorn

Joined: Jun 06, 2006
Posts: 3
Hi,

I am not sure how to go about with JSF, but I had been working on Spring MVC.
Let me explain in generic.

Following will be needed:
1. 2 tokens to identify the current page and the next page in the current JSP.
2. method abc () to be called in all the requests.

Tokens:
------
There will be two hidden variables, currentPage and nextPage in the page.
The currentPage will have a hardcoded value for each page.
The nextPage will take the name of the next page when the event handler is called in javascript.

Session update:
--------------
When the request successfully moves from one page to another, a variable currentPage will be stored in the session with the destination page (nextPage).
This happens before the forward is returned by an action method.

Action Class Update:
-------------------
All the methods of the action class will have to call the super class method abc() which will perform the following:
This will read the currentPage attribute from the request parameter and compare the same with the session variable.
In case, the variables are the same, proceed to perform the action, else redirect to the session invalid page.

Hope this will suffice your requirement.

Rajiv
Prince Lukose
Greenhorn

Joined: Nov 02, 2009
Posts: 3
Thank you very much for your suggestion, Rajiv. This is an interesting solution.

Could you please also explain, how can we perform a server interaction from the previous page when user presses browser's 'back' button? I think, browser will not submit details to server when user press back button. In this scenario, I am afraid, we cannot compare the page tokens in server, and redirect user to 'session expiry' page.

Thanks,
Francis
Rajiv Putuval
Greenhorn

Joined: Jun 06, 2006
Posts: 3
Hi,

Hmm, in my application, I had encountered the page submission whenever I clicked the back button.
So maybe I did not feel that there could be a possibility of the browser not submitting any request.

I am not in a position to analyze how the browser decides whether to submit the page or not.
In this case, it is a browser specific event handling, which is not in the application's control.

Maybe I will have to do a little research on this.
Sorry, I could not be of any help to you at the moment.

Regards,
Rajiv
Prince Lukose
Greenhorn

Joined: Nov 02, 2009
Posts: 3
No problem, Rajiv.
I am really thankful to you for spending your time for analysing my problem.

Thanks & regards,
Francis
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Expire session and show 'invalid session' page when user press browser's back button
 
Similar Threads
How to refresh my page?
Selection List Change not updated
Session Object problem when use back button
creating the page Expired
Error Page on clicking back button