
Session.invalidate() and Logout

 
Kiran Kumar
Ranch Hand
Posts: 91
Hello Everyone,

I am using the Struts framework for my Web App. Each screen of my application has a Logout button which, when clicked, closes all the screens of the application (JavaScript functionality) and then does session.invalidate(); and opens a new login page.

But the problem I am experiencing is, even though the session is invalidated, I can still open a new browser page and type the URL to a specific screen and am able to view the screen as though I am logged in. (However, I cannot really connect to the database or make any changes in the screen.)

Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.

I would appreciate it if anyone can throw some light on what exactly is happening and suggest a better workaround for logging out and session invalidation.

Thanks for your consideration,
Kiran
 
Alexandru Popescu
Ranch Hand
Posts: 995
This is a problem of POST/GET URLs. You can find more info about performing correct logout here.

./pope
 
Kiran Kumar
Ranch Hand
Posts: 91
Thank you so much.

Regards,
Kiran
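
One way to keep the screens from rendering after session.invalidate(), as an added example that is not part of the original thread: a servlet filter that rejects any request without an authenticated session and marks responses as non-cacheable. It assumes the screens currently perform no login check of their own; the class name `AuthFilter`, the session attribute `authUser` and the login path `/login.do` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: AuthFilter, "authUser" and "/login.do" are assumed names.
public class AuthFilter implements Filter {
    private static final String AUTH_ATTR = "authUser";   // assumed: set by the login action
    private static final String LOGIN_PATH = "/login.do"; // assumed: the login action URL

    public void init(FilterConfig cfg) {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Keep the browser from redisplaying a cached protected screen after logout.
        res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);

        // The login action itself must stay reachable without a session.
        if (LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) never creates a session. Plain getSession() would
        // silently create a fresh, empty one after invalidate(), so the mere
        // existence of a session proves nothing; check the login marker too.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(AUTH_ATTR) == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

The filter has to be mapped in web.xml to the protected URLs (for example the Struts `*.do` pattern and the JSPs), and the login action has to store the `authUser` attribute on success for the check to pass.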