This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes session.invalidate() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "session.invalidate()" Watch "session.invalidate()" New topic
Author

session.invalidate()

Arka Sharma
Ranch Hand

Joined: Jun 15, 2011
Posts: 103


Hi,

I have created one project.There is one login.jsp page.After successful log in i'm setting user name and password as session attribute then redirect to home page.In home page I created a link to logout.jsp where I have called session.invalidate() then redirect to log in page.But after that if i click browser back button it is going back to home page.Is it due to browser cache ?Whatever be the reason how to resolve it ?

Thanks
Arka

Vijay Tidake
Ranch Hand

Joined: Nov 04, 2008
Posts: 146

Hi,

on jsp page you can check for the valid session by method getSession(false) and the depending upon the condition check
you can redirect the user to appropriate page.


Thanks


The important thing is not to stop questioning.Curiosity has its own reason for existing.
Arka Sharma
Ranch Hand

Joined: Jun 15, 2011
Posts: 103

Hi,

I have added the folowing in my home.jsp page.When a login is successful it will redirect to home.jsp.

if(request.getSession(false)==null)
{
response.sendRedirect("login.jsp");
}

But still after logging out if i'm pressing back button it is going to home.jsp.
Vijay Tidake
Ranch Hand

Joined: Nov 04, 2008
Posts: 146

Hi,
Please check the link

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15964
    
  19

I have a personal grudge against every J2EE author who ever used a "login page" as an example. There's a technical term for people who write their own webapp security code: "pwned". J2EE has a well-developed security system of its own, and in most cases it's more than sufficient to for web application security needs.

However, disregarding my own prejudices, the problem here is that the browser "Back" button doesn't connect directly to the webapp. The "Back" button simply causes the browser to re-submit the URL from the previous page.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: session.invalidate()
 
Similar Threads
Logout in JSF with Security managed by Glassfish v3.1
Are beans also destroyed with session invalidate()?
Session management?
Login/Logout Problem
How to end a web application session.