wood burning stoves
The moose likes Struts and the fly likes Session.invalidate() and Logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session.invalidate() and Logout" Watch "Session.invalidate() and Logout" New topic

Session.invalidate() and Logout

Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Hello Everyone,

I am using Struts frame-work for my Web App. Each screen of my application has a Logout button which when clicked, closes all the screens of the application (Javascript functionality) and then does session.invalidate(); and opens a new login page.

But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).

Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.

I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.

Thanks for your consideration,

------------<br />SCJP
Alexandru Popescu
Ranch Hand

Joined: Jul 12, 2004
Posts: 995
This is a problem a POST/GET urls. You can find more info about performing correct logout here.


blog - InfoQ.com
Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Thank you so much.

Have you checked out Aspose?
subject: Session.invalidate() and Logout
It's not a secret anymore!