In my logoff servlet,i have used session.invalidate(). but still if i click back button of the browser after logging out ,it again takes me to the previous page.and allows me to manipulate that page.actually it should not allow me to manipulate. Can anyone please help me regarding this. Thanks, Raj.
Raj, I used a technique for proper authendication of users for a web application. Basically the logic I used is this. 1. In the servlet first check if the Session object exists. 2. If exists check in the session there is a <i>special session object</i>. This special object (here 'UserView' )was already put by our application when a user properly logs into the system. Basically if a user properly logs in, we create a viewbean object with members loginID, and password and put into memory (put in session with a name like 'userView', so that we can properly check back for the view bean object in session with the nameTag, latter,in any servlet ). This CREATING NEW SESSION and putting a viewBean in session are done in the LoginServlet. // sample code
3. If that special session object exists, give a GO-AHEAD. Further processiog in the servlet.
4. If not redirect the user to login page/ or a 'notLoggedIn.html' page, and ask the user to PROPERLY LOGIN to the system. I use 'forward' instead of 'redirect' API since this redirect doesn't work properly.
Raj, I have given you an idea of how I have done. I have written an authendication servlet and put it online in the wYou can check it online in http://www.webappcabaret.com/maha/ Try the following test cases in Maha's web applicaion in the mentioned link ---------------------------- I have 2 users in the database. 1. loginId : 1000 password: maha 2. loginId :1001 password :anna
Test case 1 : ------------- Login as 1000 with password maha Try to login again Logout Test case 2 : ------------ Login as 1001 with password anna Logout Try logout again Test case 3 : ------------ Try logout WITOUT logged in first Basically this system DOESNOT allow the user into the system without properly logged in. I used 2 servlets,some viewbeans,JDBC-MYSQL database,2 JSP pages, 2 html pages. and the MVC (Model-View-Control) Design pattern. If you further need help I can send you the full source code in Zip file to you. regds maha anna
[This message has been edited by maha anna (edited October 04, 2000).]
hello maha anna, I am alos working for a similar kind of project where i need to kill or invalidate a session variable aat the logout page. Do please mail me the source code at email@example.com, regards and thanks in advance - mohan
Hi Maha, I have done the session tracking part and it works fine.but i have a basic doubt.here it goes lets assume i write a complete web app.this app has 3 servlets and 4 jsp docs.once the user logs in, the 1st servlet puts a session id in to this session.the other servlets and jsp pages check for this id before they process any user request. my question is:if two users login at the same time then the servlet will put two separate ids for both the users.now my doubt is, when the rest of the servlets and jsp docs try to retrieve the id, how will they know which id is their's.will they not get confused?for my app if this happens(i mean one user reading another users id) it will be disastrous. please clear my doubt. Thanks in advance. Regards, Subramanian
We don't have time to be charming! Quick, read this tiny ad: