| Author |
After logout,browser back button shows web page expired,on refreshing it send request and shows data
|
Shailesh Kumar Saxena
Greenhorn
Joined: Dec 15, 2012
Posts: 25
|
|
hi everybody,
I am developing some registration application using struts 1.3.8. I maintained the session as on each registration or login the request goes to
particular Action class, where I am checking for session attribute 'eid' , if it is there I am sending the control to Inbox page(in case of login request)
or to another page that displays 'you need to log out for registration'(in case of registration request). If session is not there I am creating a new
session and putting all the details in session.On logout control goes to an Action class calls session.invalidate() and then control goes to a page that
shows the message that you are successfully log out. I am using this on each jsp page to restrict the caching
and this in head tag of each html content
My problem is after logout when going to back button it is showing web page expired(But I want it should go to login page),
Moreover while displaying web page expired if I am refreshing the page it is showing alert that "you need to resend information...."
And again request is going to particular Action class and without asking for any thing(user name or password) it is again
going to last user's Inbox page(it seems all previous details are also going with this resend and all logic of Action class is executing)
But it is not supposed to happen. Any help? Any idea? Any suggestion?
|
Shailesh Saxena,
Pilibhit, U.P. INDIA
|
 |
Joe Ess
Bartender
Joined: Oct 29, 2001
Posts: 8263
|
|
|
Do you have any other security set up, like basic declarative security or checking the user session?
|
"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
|
|
Shailesh Kumar Saxena
Greenhorn
Joined: Dec 15, 2012
Posts: 25
|
|
Hi Joe,
I am checking for session. on Login I am creating a session and when user clicks on logout it checks for session if eid is not there in session , it sends the control to login page.
I got a temporary solution through googling that is to use javascript disabling the back button on logout page. But it is not the actual one I want.
I am much curious how people are successfully implementing the session on social site like fb and orkut?
|
|
Joe Ess
Bartender
Joined: Oct 29, 2001
Posts: 8263
|
|
|
You have to secure every resource. You could disable the back button, but the user could still put the URL in the browser address bar. I linked to the JEE standard method in my previous post. There are also third party security API's, like Spring Security.
|
|
Gaurav Manral
Greenhorn
Joined: Jun 29, 2012
Posts: 10
|
|
I have the same problem.
after logout, when i click back button it goes back to the previous page.
BUT if i refresh this previous page then it redirects to the login page.
I want, when i click the Back button, it redirect to the login page.
Please tel me JOE how you solve this problem.
|
|
 |
|
|
subject: After logout,browser back button shows web page expired,on refreshing it send request and shows data
|
|
|
1
