Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Invalidating session

 
Venkata
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All

In every page of my JSF application i have logout hyper link and in my logout bean i am invalidating the session and clearing the response header using

session.invalidate();
response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);

if i click tha back button of browser still takes me to my previous page but it doen't allow any action since i already removed the session scoped beans.dio i need to remove the history using java script?

is there any other best way of achieving this?

Thanks in advance
Ven
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
I am also facing the same problem,i have used session.invalidate() but when i click the back button it navigates back to earlier page.
Check the session value after invalidation.It should be null, but in my case it's not coming null!!
Also if you can post your login code,that would be of great help.
thanks in advance.
 
Venkata
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

I have seen your posting and you got the answer it seems.

My case was different. In my application i need to support the back button facility to the users as long as they are in session and valid session. If they timed out or logged out webseal should have to logout them and they should be access the application until they login again. But there is problem of browsing the history pages using back button, even they can not do any action on it....I acheived tha task using 'pkmslogout ' command appending to my URL.But want to prevent the backbutton as well once they logged out or timed out.I don't know how to do it? just clearing the header information in the session won't do any good, i think.


Any ideas???

Thanks
Ven
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
in that case...when you ask the user to login..u should navigate him to a new page with no standard buttons available in it.this may sound creepy but it's a safer method.since there will be no such buttons like BACK, FORWARD etc. then there is no need to bother about that.
example of this type of login action is this website:
indusind website
click on login and observe the new page that pops up!
 
A. Dusi
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
in that case...when you ask the user to login..u should navigate him to a new page with no standard buttons available in it.


What if the user right clicks and chooses to open in new tab or new window?
 
anshul gupta
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@ DUSI

in such type of applications care is taken for the options that come under right click menu.e.g 'open link in new tab' or 'new window' is not provided there.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic