This week's book giveaway is in the OCAJP 8 forum.
We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line!
See this thread for details.
The moose likes Struts and the fly likes Session.invalidate() and Logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session.invalidate() and Logout" Watch "Session.invalidate() and Logout" New topic

Session.invalidate() and Logout

Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Hello Everyone,

I am using Struts frame-work for my Web App. Each screen of my application has a Logout button which when clicked, closes all the screens of the application (Javascript functionality) and then does session.invalidate(); and opens a new login page.

But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).

Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.

I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.

Thanks for your consideration,

------------<br />SCJP
Alexandru Popescu
Ranch Hand

Joined: Jul 12, 2004
Posts: 995
This is a problem a POST/GET urls. You can find more info about performing correct logout here.


blog -
Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Thank you so much.

I agree. Here's the link:
subject: Session.invalidate() and Logout
It's not a secret anymore!