hi everybody, I am developing some registration application using struts 1.3.8. I maintained the session as on each registration or login the request goes to
particular Action class, where I am checking for session attribute 'eid' , if it is there I am sending the control to Inbox page(in case of login request)
or to another page that displays 'you need to log out for registration'(in case of registration request). If session is not there I am creating a new
session and putting all the details in session.On logout control goes to an Action class calls session.invalidate() and then control goes to a page that
shows the message that you are successfully log out. I am using this on each jsp page to restrict the caching
and this in head tag of each html content
My problem is after logout when going to back button it is showing web page expired(But I want it should go to login page),
Moreover while displaying web page expired if I am refreshing the page it is showing alert that "you need to resend information...."
And again request is going to particular Action class and without asking for any thing(user name or password) it is again
going to last user's Inbox page(it seems all previous details are also going with this resend and all logic of Action class is executing)
But it is not supposed to happen. Any help? Any idea? Any suggestion?
I am checking for session. on Login I am creating a session and when user clicks on logout it checks for session if eid is not there in session , it sends the control to login page.
I am much curious how people are successfully implementing the session on social site like fb and orkut?
You have to secure every resource. You could disable the back button, but the user could still put the URL in the browser address bar. I linked to the JEE standard method in my previous post. There are also third party security API's, like Spring Security.
I have the same problem.
after logout, when i click back button it goes back to the previous page.
BUT if i refresh this previous page then it redirects to the login page.
I want, when i click the Back button, it redirect to the login page.
Please tel me JOE how you solve this problem.
Forgive your enemies, but never forget their names.
Just a suggestion, don't use Struts 1. Its has already reached EOL.
If you have to for some reason use Filters and check if user is in session.
Do not give access to JSP directly, it should be from Action class.
When user logout invalidate session in action class.
Also if you don't want jsp pages cached then use this scriplet in JSP page: