Originally posted by Sam Furtado:
Hi Guys !!!
Due to security reasons it is required that in case the user is currently sitting idle for too long (say 5 min's) then the application "should automatically log the user out"
Secondly, i am also having problems destroying a session when the user clicks on the "logout" button.
Following is the way i have implemented :-
In the Controller Servlet i am making a check to see it the current Session is valid by invoking the method session.isRequestedSessionIdValid() and if it is not a valid session then the user should be redirected to the login page. However, i noticed after printing the session ID on each jsp that when the "logout" button is clicked and the user is directed to a "thank you" page then, on that page a different session id is being printed on the jsp page. Now, when the back button is pressed and any of the site links are clicked the user gets to have a look at all the site information as though he has'nt yet logged out.
How should these problems be solved ???
Thanks Guys !