wood burning stoves*
The moose likes Struts and the fly likes invalidate session object in struts2 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "invalidate session object in struts2" Watch "invalidate session object in struts2" New topic
Author

invalidate session object in struts2

Ganeshkumar cheekati
Ranch Hand

Joined: Oct 13, 2008
Posts: 362

Anchor tag in jsp

Action in xml file
if i am using the below code it is not working in my action class...LoginDO is my dataobject in which i have setter and getters for username and password...



In line1 ---> it is displaying LoginDO object which is in session object..
In line2----> it is displaying null

when a user clicks on logout buttion it goes to login page..

but the problem is every thing works fine when i use back button in browser istead of getting a message like session is expired...

can anyone give solution for this problem...?
thanks in advance...


SCJP5 and SCWCD1.5
Think Twice Act Wise...
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    
  17

At line 2 you are getting null as output which clearly means that the session is invalidated properly. I don't exactly know how you are checking each request whether its authentic or not, but if your authentication is correct, then the user might be able to press back and go to the previous page (put the headers given here in your JSP page, then this will not happen) but the user should not be able to do anything useful. If the user is able to press back and do stuff, then it might indicate broken security in your application as unauthenticated users might be able to get access to the application...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ganeshkumar cheekati
Ranch Hand

Joined: Oct 13, 2008
Posts: 362
still i am getting the same problem back button works fine..

even i put the below code in jsp and action also...



i put the below code in only jsp from where user logged out...

Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    
  17

Ganeshkumar cheekati wrote:still i am getting the same problem back button works fine..

This is a little confusing for me. When you say "back button works fine" does it mean the back button is still taking you to the previous page?? The headers given in that FAQ must be put on pages that you don't want your browser to cache i.e. the ones that require the user to be logged in. Also as I said earlier, this might also be a security issue (if I'm not missing something). On pages/actions that require user to be logged in, are you actually checking if the user is logged in??
Ganeshkumar cheekati
Ranch Hand

Joined: Oct 13, 2008
Posts: 362
that means still i am getting the previous page.....you mean do i have to put thost headers in the jsp where i have logout button right... i done the same thing...
 
wood burning stoves
 
subject: invalidate session object in struts2
 
Similar Threads
servlet mapping
Iterator in Struts 1
Need an attribute to be available in different places (SOLVED)
Logout is not properly working in struts2 please help me
struts2 login interceptor not finding session attribute of user details.