Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Form Bean after Session.Invalidate()

 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my application I have a logout link on pages. This link control goes to 'Logout' action where I clean up the session variables and then invalidate the session with:

session.invalidate();


if I keep going back with the back key of my browser till the login page url, IE shows me the expired message. but if I referesh the page, it logs me in. Formbean values are still populated. Even though the scope of the form was 'request' in struts-config.xml

kindly guide, why it's happening and how to invalidate/nullify the form-bean values.

Thanks
Neeraj.
 
Bunty Naagar
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Refreshing the page sends the exact same request again.
To avoid processing a duplicate request, you can use TokenInterceptor
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You need to disable caching.
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
we have already put following headers -

response.setHeader("Cache-Control","no-cache,no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", -1);

but its not working. after refreshing the page, it submits the login details.

we are also thinking of using token, but its a lengthy process to do it on every hyperlink in the applications ..loooking for some samller route to implement it


Thanks a ton for your inputs.
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
any inputs will be a great help, if you could tell why the following lines are not havnig the desired effect -

response.setHeader("Cache-Control","no-cache,no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader ("Expires", -1);



thanks
Neeraj.

 
Sreenath Rajagopal
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Neeraj...
this is a big prob...but solvable..

You take username and password and then store it in some session values. then use a new request (using redirect) to go to next page as login validation action class.
and while logout you use invalidate function... it will work...

FYA...


Sreenath


 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic