• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

relogin on direct call of servlet after session invalidate

 
Greenhorn
Posts: 6
Eclipse IDE Oracle Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ranchers,

I am trying my hands on JEE application. I have created a J2EE application using MVC approach. I have a servlet "login" which calls a method in a java bean for authentication of the user. I have following flow:
http://localhost:8080/Myapplication/login.jsp > calls the /login servlet.
after I have authenticated the user i am forwarding the request to the relevant page i.e. success page or failure page.
suppose the user is authenticated. He navigate to these jsp's.
http://localhost:8080/Myapplication/page1.jsp
http://localhost:8080/Myapplication/page2.jsp
http://localhost:8080/Myapplication/page3.jsp
http://localhost:8080/Myapplication/page4.jsp and finally i have a jsp called logout.jsp and i am doing a session.invalidate() in this jsp. The session gets sucessfully logged out. However i have one glitch in the flow. i.e. if I use my browser back button and go back to the page where my browser address reads as http://localhost:8080/Myapplication/login servlet and If i do a refresh on this page the user is logged in again.

I want to remove this behavior of my application. Please advise.

Thanks in advance!!!
 
author & internet detective
Posts: 40035
809
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It sounds like the form is being resubmitted with the login credentials. Take a look at the post redirect get pattern. It separates the submission from the next page. The redirect "breaks" them up so you can refresh to your heart's content without re-logging in.
    Bookmark Topic Watch Topic
  • New Topic