File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Session.invalidate() and Logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session.invalidate() and Logout" Watch "Session.invalidate() and Logout" New topic

Session.invalidate() and Logout

Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Hello Everyone,

I am using Struts frame-work for my Web App. Each screen of my application has a Logout button which when clicked, closes all the screens of the application (Javascript functionality) and then does session.invalidate(); and opens a new login page.

But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).

Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.

I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.

Thanks for your consideration,

------------<br />SCJP
Alexandru Popescu
Ranch Hand

Joined: Jul 12, 2004
Posts: 995
This is a problem a POST/GET urls. You can find more info about performing correct logout here.


blog -
Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Thank you so much.

I agree. Here's the link:
subject: Session.invalidate() and Logout
It's not a secret anymore!