Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session tracking

 
Kitty Dayal
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am tring to try and figure out how session tracking work's in servlets.
I will post the code and would appreciate the guru's to let me know if there is a better way of tracking user session's. Also I have one problem with my current code, when i click the back button on the browser i still see the secured webpage even though i have invalidated my session. Thanks for your replies...
index.jsp page(login page)


Login servlet code.

welcome.java code

Logoff.java code


the problem is when the user uses the back button, he can still see the contents on the welcome page? Thanks!
-Kitz
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I think the page is cached in the browser therfore it is showing the page. I am not sure but the problem can be sloved by adding the following two lines to set the cache control while sending the response.

response.setHeader("Cache-control","no-cache"); //HTTP 1.1
response.setHeader("pragma","no-cache");

Alternatively, you can use the "no-store" value in above lines instead of "no-cache". This value will not store the page in browser temporary directory.

Thank you.
 
Bharat Roy
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Narendra Dhande:
Hello,

I think the page is cached in the browser therfore it is showing the page. I am not sure but the problem can be sloved by adding the following two lines to set the cache control while sending the response.

response.setHeader("Cache-control","no-cache"); //HTTP 1.1
response.setHeader("pragma","no-cache");

Alternatively, you can use the "no-store" value in above lines instead of "no-cache". This value will not store the page in browser temporary directory.

Thank you.

Hi Narendra,

Setting those headers definitely worked, but after Refreshing that "expired page" the contents did come back. How to stop the browser to RE-send the contents back to the server after the page has expired.

Thanks.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic