I have a web application that authenticate users through the Sun GlassFish Server to an OpenDS Directory service. I have problems writing code structure that can log users out of the application and end their sessions. Each time i call a Session.Invalidate and i use the browser navigation button to go back, a session is created instanly and also the getUserprincipal is still available to the page. I know i have been doing something wrong and i am in need of help. thanks
You can do 1 thing.
Before going to any page ...you can check about session exists or not. If session has been invalidated already then you can redirect the user to home page. Other methods I will try..