• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

invalidate session object in struts2

 
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Anchor tag in jsp

Action in xml file
if i am using the below code it is not working in my action class...LoginDO is my dataobject in which i have setter and getters for username and password...



In line1 ---> it is displaying LoginDO object which is in session object..
In line2----> it is displaying null

when a user clicks on logout buttion it goes to login page..

but the problem is every thing works fine when i use back button in browser istead of getting a message like session is expired...

can anyone give solution for this problem...?
thanks in advance...
 
Sheriff
Posts: 9708
43
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
At line 2 you are getting null as output which clearly means that the session is invalidated properly. I don't exactly know how you are checking each request whether its authentic or not, but if your authentication is correct, then the user might be able to press back and go to the previous page (put the headers given here in your JSP page, then this will not happen) but the user should not be able to do anything useful. If the user is able to press back and do stuff, then it might indicate broken security in your application as unauthenticated users might be able to get access to the application...
 
Ganeshkumar cheekati
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
still i am getting the same problem back button works fine..

even i put the below code in jsp and action also...



i put the below code in only jsp from where user logged out...

 
Ankit Garg
Sheriff
Posts: 9708
43
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ganeshkumar cheekati wrote:still i am getting the same problem back button works fine..


This is a little confusing for me. When you say "back button works fine" does it mean the back button is still taking you to the previous page?? The headers given in that FAQ must be put on pages that you don't want your browser to cache i.e. the ones that require the user to be logged in. Also as I said earlier, this might also be a security issue (if I'm not missing something). On pages/actions that require user to be logged in, are you actually checking if the user is logged in??
 
Ganeshkumar cheekati
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
that means still i am getting the previous page.....you mean do i have to put thost headers in the jsp where i have logout button right... i done the same thing...
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic