Originally posted by Moined Mogul:
I have created a JSP page that takes the username and password of the user and if correct will forward them on to the appropriate JSP with admin rights to my database.
I am wondering now what would be the simplest method of implementing a logout so that when the user logged out they could not use the browser back button to go back to the admin page. I have added already the code to keep the browser from caching any of the pages so I think it is only a matter of validating and invalidating the session in the right places.
Could someone please give me an example of how to properly use the session validate and invalidate to keep the users of my web app to be able to use the back button and then do a refresh to get back to the admin page?
Thank you!!!
Rehan Malik
Originally posted by Moined Mogul:
So should I add this code:
<%
if(session.isNew())
{
response.redirect("PleaseLogin.jsp");
}
%>
to both my login.jsp and my admin.jsp???
And then just invalidate the session in my logout.jsp???
That is it???
Rehan Malik
Originally posted by Moined Mogul:
I got this error when I added the code you suggested to my JSP pages.
Compiling failed
.\home\WEB-INF\temp\admin_jsp.java:78: Method redirect(java.lang.String) not found in interface javax.servlet.http.HttpServletResponse.
response.redirect("adminlogin.jsp");
Rehan Malik
Originally posted by Moined Mogul:
That is what you had quoted before....I am not getting the error now but can still get back to that page if I hit the back button and then do a refresh of the page???
Please help???
Thank you.
Rehan Malik
Originally posted by Moined Mogul:
Thank you so much for your help...I would really appreciate it if you could look...thank you...
Rehan Malik
Originally posted by Rehan Malik:
okay try this:
<%
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
if (request.getProtocol().equals("HTTP/1.1"))
{
response.setHeader("Cache-Control", "no-cache");
}
%>
I'm running out of ideas =)
Jump in anybody if you're reading this as well =)
Rehan Malik
Originally posted by Moined Mogul:
I have created a JSP page that takes the username and password of the user and if correct will forward them on to the appropriate JSP with admin rights to my database.
I am wondering now what would be the simplest method of implementing a logout so that when the user logged out they could not use the browser back button to go back to the admin page. I have added already the code to keep the browser from caching any of the pages so I think it is only a matter of validating and invalidating the session in the right places.
Could someone please give me an example of how to properly use the session validate and invalidate to keep the users of my web app to be able to use the back button and then do a refresh to get back to the admin page?
Thank you!!!
Rehan Malik
I once met a man from Nantucket. He had a tiny ad
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
|