Meaningless Drivel is fun!*
The moose likes Struts and the fly likes Session.invalidate() and Logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session.invalidate() and Logout" Watch "Session.invalidate() and Logout" New topic
Author

Session.invalidate() and Logout

Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Hello Everyone,

I am using Struts frame-work for my Web App. Each screen of my application has a Logout button which when clicked, closes all the screens of the application (Javascript functionality) and then does session.invalidate(); and opens a new login page.

But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).

Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.

I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.

Thanks for your consideration,
Kiran


------------<br />SCJP
Alexandru Popescu
Ranch Hand

Joined: Jul 12, 2004
Posts: 995
This is a problem a POST/GET urls. You can find more info about performing correct logout here.

./pope


blog - InfoQ.com
Kiran Kumar
Ranch Hand

Joined: Jan 06, 2003
Posts: 91
Thank you so much.

Regards,
Kiran
 
Consider Paul's rocket mass heater.
 
subject: Session.invalidate() and Logout
 
Similar Threads
Problem with siteminder logoff in struts apllication
Problem in siteminder logoff
HttpSessions in WTE (VAJ 4)
problem with siteminder in sturts application
siteminder logout problem