• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

relogin on direct call of servlet after session invalidate

Posts: 6
Eclipse IDE Oracle Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ranchers,

I am trying my hands on JEE application. I have created a J2EE application using MVC approach. I have a servlet "login" which calls a method in a java bean for authentication of the user. I have following flow:
http://localhost:8080/Myapplication/login.jsp > calls the /login servlet.
after I have authenticated the user i am forwarding the request to the relevant page i.e. success page or failure page.
suppose the user is authenticated. He navigate to these jsp's.
http://localhost:8080/Myapplication/page4.jsp and finally i have a jsp called logout.jsp and i am doing a session.invalidate() in this jsp. The session gets sucessfully logged out. However i have one glitch in the flow. i.e. if I use my browser back button and go back to the page where my browser address reads as http://localhost:8080/Myapplication/login servlet and If i do a refresh on this page the user is logged in again.

I want to remove this behavior of my application. Please advise.

Thanks in advance!!!
author & internet detective
Posts: 40793
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It sounds like the form is being resubmitted with the login credentials. Take a look at the post redirect get pattern. It separates the submission from the next page. The redirect "breaks" them up so you can refresh to your heart's content without re-logging in.
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic