aspose file tools*
The moose likes Struts and the fly likes Form Bean after Session.Invalidate() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Form Bean after Session.Invalidate()" Watch "Form Bean after Session.Invalidate()" New topic
Author

Form Bean after Session.Invalidate()

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
In my application I have a logout link on pages. This link control goes to 'Logout' action where I clean up the session variables and then invalidate the session with:

session.invalidate();


if I keep going back with the back key of my browser till the login page url, IE shows me the expired message. but if I referesh the page, it logs me in. Formbean values are still populated. Even though the scope of the form was 'request' in struts-config.xml

kindly guide, why it's happening and how to invalidate/nullify the form-bean values.

Thanks
Neeraj.
Bunty Naagar
Greenhorn

Joined: Feb 27, 2007
Posts: 14
Refreshing the page sends the exact same request again.
To avoid processing a duplicate request, you can use TokenInterceptor


SCJP 5, SCWCD 5
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

You need to disable caching.
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
we have already put following headers -

response.setHeader("Cache-Control","no-cache,no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", -1);

but its not working. after refreshing the page, it submits the login details.

we are also thinking of using token, but its a lengthy process to do it on every hyperlink in the applications ..loooking for some samller route to implement it


Thanks a ton for your inputs.
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
any inputs will be a great help, if you could tell why the following lines are not havnig the desired effect -

response.setHeader("Cache-Control","no-cache,no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", -1);



thanks
Neeraj.

Sreenath Rajagopal
Greenhorn

Joined: Mar 19, 2007
Posts: 7
Neeraj...
this is a big prob...but solvable..

You take username and password and then store it in some session values. then use a new request (using redirect) to go to next page as login validation action class.
and while logout you use invalidate function... it will work...

FYA...


Sreenath


 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Form Bean after Session.Invalidate()
 
Similar Threads
Invalidating session
session management for logout
Problem with Navigation in subview
Session problem in Struts and Tomcat
Logout problem