Sun Certified Java Programmer<br />Sun Certified Web Component Developer
Originally posted by Sam Furtado:
Hi Guys !!!
Due to security reasons it is required that in case the user is currently sitting idle for too long (say 5 min's) then the application "should automatically log the user out"
Secondly, i am also having problems destroying a session when the user clicks on the "logout" button.
Following is the way i have implemented :-
In the Controller Servlet i am making a check to see it the current Session is valid by invoking the method session.isRequestedSessionIdValid() and if it is not a valid session then the user should be redirected to the login page. However, i noticed after printing the session ID on each jsp that when the "logout" button is clicked and the user is directed to a "thank you" page then, on that page a different session id is being printed on the jsp page. Now, when the back button is pressed and any of the site links are clicked the user gets to have a look at all the site information as though he has'nt yet logged out.
How should these problems be solved ???
Pls Suggest
Thanks Guys !
SCJP<br />SCWCD<br />SCEA Part I
Sun Certified Java Programmer<br />Sun Certified Web Component Developer
SCJP<br />SCWCD<br />SCEA Part I
eat bricks! HA! And here's another one! And a tiny ad!
Smokeless wood heat with a rocket mass heater
https://woodheat.net
|