Our application starts with a login page. If user is a valid user , he/she is allowed to access pages. On every page , there is a loggoff button and on every page , there is mechanism to check whether session is invalid or new(in such condition user is redirected back to login). Once user is clicking loggoff button , i am invalidating user session and redirecting him to login page.
Now at login page , if i type any url in browser window , i must be redirected to login page because user session has been invalidated.but it is not happening because session is not getting invalidated properly.
Now at login page , if i type any url in browser window , i must be redirected to login page because user session has been invalidated.but it is not happening because session is not getting invalidated properly.