This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).
Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.
I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.