• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSL Session tracking

 
Mike Pandey
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

I have a question on SSL mechanism.
Basically, i have developed a small app, which also consists log-in and log-out buttons. now in the log out code i call session.invalidate(); to terminate the session explicity. But what i have seen is when I paste any https url of my earlier transactn in the same browser window, with out refreshing it it displays the secure page with out asking for login again.
Is this due to existence of jsession id used by SSL mechanism even after invalidate() call is returned?

pls let me know ur thoughts and solutns as well

Also this is my first day as a Java rancher and m Going on for SCWCD 1.4 on 12th! so any tips tricks are welcome


thnx in Advance!!
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The jsession id in the url will not cause this. The user simply is not getting logged out. How to log out depends on your security configuration. Invalidating the session is recommended, but does not log you out unless your security is 100% programmatic (meaning all security is controlled in code and managed in session scope).

Let us know a little more info and we'll see what we can do. Be warned - fred or I may move this thread to another Javaranch forum later (like the Security forum) to help you find your answer if we can't help. This forum is used more for people asking questions/doubts about difficult topics that they come across during SCWCD studies.

Welcome to the Ranch, Mike, and good luck on your test! Don't forget to post your results in the Sun Certification Results forum when you pass!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic