Logout The Session
Ashok Haluvarthi
Greenhorn
Posts: 13
posted 15 years ago
Hello All,
I have one problem in maintaining session and removing session.
when i press logout button it has to close the session here if i press Back button or Forward button it has to say that session has beeen closed pls login once again
These r the files
Index.html
html>
<body>
<form action=first.jsp method="post">
<pre><center><p> </p><p> </p><p> </p><p> </p>
UserName:<input type=text name=un><br>
Password:<input type=password name=pw><br>
<input type=Submit name=Login value=Login>
</form>
</body>
</html>
first.jsp
<html>
<title>Test</title>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body background="back_right.gif">
<%
String u_name="";
String p_word="";
u_name=request.getParameter("un");
p_word=request.getParameter("pw");
session.setAttribute("USERNAME",u_name);
session.setAttribute("PASSWORD",p_word);
String un =(String)session.getAttribute("USERNAME");
String pw =(String)session.getAttribute("PASSWORD");
%>
<% if (un.equals("ravi")&& pw.equals("ravi")) {
%>
<jsp:include page="second.jsp" />
<% }else out.println("Hello"); %>
<%
%>
</body>
</html>
second.jsp
<html>
<head>
<title></title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body >
<%
String UN=(String)session.getAttribute("USERNAME");
String PW=(String)session.getAttribute("PASSWORD");
if (UN.equals("ravi")&& PW.equals("ravi"))
{
out.println("Hay");
}else
out.println("Hello");
%>
<center>
The values of session are
<%= UN %>
<%= PW %>
<form action="logout.jsp" method="post">
<input type=submit value=Logoff>
</form>
</body>
</html>
logout.jsp
<HTML>
<HEAD>
</HEAD>
<BODY onunload="JavaScript:writeCookies(1)">
<%
session.removeAttribute("USERNAME");
session.removeAttribute("PASSWORD");
if(session.equals(""))
{
response.sendRedirect("index.html");
}
%>
</BODY>
</HTML>
I have one problem in maintaining session and removing session.
when i press logout button it has to close the session here if i press Back button or Forward button it has to say that session has beeen closed pls login once again
These r the files
Index.html
html>
<body>
<form action=first.jsp method="post">
<pre><center><p> </p><p> </p><p> </p><p> </p>
UserName:<input type=text name=un><br>
Password:<input type=password name=pw><br>
<input type=Submit name=Login value=Login>
</form>
</body>
</html>
first.jsp
<html>
<title>Test</title>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body background="back_right.gif">
<%
String u_name="";
String p_word="";
u_name=request.getParameter("un");
p_word=request.getParameter("pw");
session.setAttribute("USERNAME",u_name);
session.setAttribute("PASSWORD",p_word);
String un =(String)session.getAttribute("USERNAME");
String pw =(String)session.getAttribute("PASSWORD");
%>
<% if (un.equals("ravi")&& pw.equals("ravi")) {
%>
<jsp:include page="second.jsp" />
<% }else out.println("Hello"); %>
<%
%>
</body>
</html>
second.jsp
<html>
<head>
<title></title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body >
<%
String UN=(String)session.getAttribute("USERNAME");
String PW=(String)session.getAttribute("PASSWORD");
if (UN.equals("ravi")&& PW.equals("ravi"))
{
out.println("Hay");
}else
out.println("Hello");
%>
<center>
The values of session are
<%= UN %>
<%= PW %>
<form action="logout.jsp" method="post">
<input type=submit value=Logoff>
</form>
</body>
</html>
logout.jsp
<HTML>
<HEAD>
</HEAD>
<BODY onunload="JavaScript:writeCookies(1)">
<%
session.removeAttribute("USERNAME");
session.removeAttribute("PASSWORD");
if(session.equals(""))
{
response.sendRedirect("index.html");
}
%>
</BODY>
</HTML>
William Brogden
Author and all-around good cowpoke
Rancher
Rancher
Posts: 13078
6
posted 15 years ago
You really should use the invalidate() method to discard the session. That will ensure that the previous login is totally gone. The code
is totally meaningless since a session will never equal a String.
Bill
is totally meaningless since a session will never equal a String.
Bill
Vedhas Pitkar
Ranch Hand
Posts: 445
posted 15 years ago
Yep, & maybe u could check if(UN==null) which means no user name(out-of-seesion) & add the following code to all ur .jsp pages :-
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
This thing is working for me even with the Back Button
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
This thing is working for me even with the Back Button
James Carman
Ranch Hand
Posts: 580
posted 15 years ago
I would not suggest that you add the code to all of your .jsp pages. This is a maintenance nightmare! I would suggest using a Filter to add the headers. This way, you avoid the headache of doing a search/replace if you ever want to change this functionality.
Originally posted by Vedhas Pitkar:
Yep, & maybe u could check if(UN==null) which means no user name(out-of-seesion) & add the following code to all ur .jsp pages :-
<%
response.setHeader("cache-control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires",0);
%>
This thing is working for me even with the Back Button
I would not suggest that you add the code to all of your .jsp pages. This is a maintenance nightmare! I would suggest using a Filter to add the headers. This way, you avoid the headache of doing a search/replace if you ever want to change this functionality.
James Carman, President<br />Carman Consulting, Inc.
