
invalidate session object in struts2

 
Ganeshkumar cheekati
Ranch Hand
Posts: 362

Anchor tag in jsp

Action in xml file
If I am using the below code it is not working in my action class... LoginDO is my data object in which I have setters and getters for username and password...



In line 1 ---> it is displaying the LoginDO object which is in the session object..
In line 2 ---> it is displaying null

When a user clicks on the logout button it goes to the login page..

But the problem is everything works fine when I use the back button in the browser instead of getting a message like session is expired...

Can anyone give a solution for this problem...?
Thanks in advance...
 
Ankit Garg
Sheriff
Posts: 9521
At line 2 you are getting null as output which clearly means that the session is invalidated properly. I don't exactly know how you are checking each request whether it's authentic or not, but if your authentication is correct, then the user might be able to press back and go to the previous page (put the headers given here in your JSP page, then this will not happen) but the user should not be able to do anything useful. If the user is able to press back and do stuff, then it might indicate broken security in your application as unauthenticated users might be able to get access to the application...
 
Ganeshkumar cheekati
Ranch Hand
Posts: 362
Still I am getting the same problem, back button works fine..

Even I put the below code in the JSP and the action also...



I put the below code in only the JSP from where the user logged out...

 
Ankit Garg
Sheriff
Posts: 9521
Ganeshkumar cheekati wrote: Still I am getting the same problem, back button works fine..

This is a little confusing for me. When you say "back button works fine" does it mean the back button is still taking you to the previous page?? The headers given in that FAQ must be put on pages that you don't want your browser to cache i.e. the ones that require the user to be logged in. Also as I said earlier, this might also be a security issue (if I'm not missing something). On pages/actions that require user to be logged in, are you actually checking if the user is logged in??
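
What the reply above describes, as an added example that is not part of the original thread: a Struts 2 interceptor that sends the commonly used no-cache response headers and checks for a logged-in user on every protected action, so neither step depends on individual JSPs. The class name, the session key `loginDO`, the `login` global result and a Struts 2.x / `javax.servlet` setup are assumptions.

```java
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Hypothetical interceptor: register it in struts.xml and put it in the
 * interceptor stack of every action that requires a logged-in user
 * (not on the login action itself).
 */
public class AuthNoCacheInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    // Assumed session attribute under which the login action stores LoginDO.
    static final String SESSION_KEY = "loginDO";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // 1. Tell the browser and any proxy not to keep a copy of this page,
        //    so the back button has to re-request it from the server.
        HttpServletResponse response = ServletActionContext.getResponse();
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        response.setDateHeader("Expires", 0);        // already expired

        // 2. Server-side check on every request: after session.invalidate()
        //    the attribute is gone, so the action is never invoked.
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (session == null || session.get(SESSION_KEY) == null) {
            // Assumes a global result named "login" that shows the login page.
            return Action.LOGIN;
        }

        // 3. User is authenticated: continue to the action and its result.
        return invocation.invoke();
    }
}
```

With this in place, a re-requested page after logout reaches step 2 and is answered with the login result; the headers only affect what the browser may show from its own cache.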
 
Ganeshkumar cheekati
Ranch Hand
Posts: 362
That means I am still getting the previous page..... You mean I have to put those headers in the JSP where I have the logout button, right... I have done the same thing...
 