session validate is not working in internet explorer

Hi experts, I have a click button called log off , here once a user clicks it , task goes to logout servlet to end current user session . below is my code , I don't know why it works fine with mozilla firefox and google chrom but not working with internet explorer. please help me I did many tries till got headache

response.setHeader("Cache-Control","no-store"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0);

HttpSession httpSession = request.getSession();
httpSession.setAttribute("validUser",null);
httpSession.invalidate();

HttpSession session = request.getSession(false);
if(session == null)
response.sendRedirect("/index.jsp");
else
response.sendRedirect("http://www.google.com");//just to test
here it goes fine to my index, but if I logged in again, I should enter a new session , but unfortunately this not happened in explorer , works fine with mozilla , and chroom.

I have also done in my index.jsp the check like below:

<%
if(session!=null){
session.setAttribute("validUser",null);
session.invalidate();

%>
just to erase whatever previous session . But why session exist on same page !!! only in explorer , it makes me open new explorer for new user and that is what I don't want !!!

please help me guys
thanks in advance

Hi,

on index.jsp page do one thing there is attribute in page directive as SESSION . make this attribute as false.
by default for each jsp page session is created . but if you make SESSION attribute as FALSE then web container not create Session for index.jsp page.

swapnil kachave wrote:Hi,

on index.jsp page do one thing there is attribute in page directive as SESSION . make this attribute as false.
by default for each jsp page session is created . but if you make SESSION attribute as FALSE then web container not create Session for index.jsp page.

I did what you said , still the problem remains . I can login with another user name but it appears to me the previous details for the previous session which means
that previous session not removed and no new session created for new user. I don't know why it is only in explorer this . firefox and chorme are fine .

Please check the your login server which you are using for login in that if you are getting the session mean you not configure page directive tag properly.
or do one thing
first make
request.getsession(false);
in your login servlet and check that you are getting session in login servlet or not .

swapnil kachave wrote:Please check the your login server which you are using for login in that if you are getting the session mean you not configure page directive tag properly.
or do one thing
first make
request.getsession(false);
in your login servlet and check that you are getting session in login servlet or not .

I did what you told me about correctly, and in the login Servlet there is no old session , it works fine . I will explain my problem in more details:
user clicks url , and login to the system , he will go to page 1 page 2 page 3, during these pages session is working fine because by default is activated . user clicks logout button
logout servlet will invalidate the session and redirects user to index page( in index page I am forcing page not to use session using directive session <%@ page session="false"%>), so another user can login to the system again . if I try to login again different username and password I got "old session exist !!" because old session is still active not removed. here is my login:

HttpSession session = request.getSession(false);
if(session==null)
{
//create new session for user
//forward him to main page which contains page 1, page 2 , page 3 till logut button clicked to process for logout
// works fine with first login
}


else//old session exist
{
out.println("<html>");
out.println("<h3>old session Exist</h3>");
out.println("</body>");
out.println("</html>");

}

Please be sure to use code tags when posting code to the forums. Unformatted or unindented code is extremely hard to read and many people that might be able to help you will just move along to posts that are easier to read. Please click this link ⇒ UseCodeTags ⇐ for more information.

Properly indented and formatted code greatly increases the probability that your question will get quicker, better answers.

which version of IE are you using ?

Nevin kumar wrote:which version of IE are you using ?

internet explorer 8

my works great with chroom and firefox , if i logged in a web page , I can't continue to log in another web page, directly message appear says "old session exist"
but in explorer still opens the previous old session and can see what user choose and I can modify it

IE shares cookies across multiple windows of the same browser session -- therefore, it shares the HTTP session across them as well.

Bear Bibeault wrote:IE shares cookies across multiple windows of the same browser session -- therefore, it shares the HTTP session across them as well.

thank you, but how I remove this attribute from IE , or is there away to avoid this , what shall I do ?

do I have to reduce session time out in the server to 10 minutes , is that good way.
I need to use IE because most of users use it by default
I really got headache

To be honest -- I don't worry about it. If a user opens multiple windows and doesn't like the behavior, we just tell them not to do that. It's not like they're going to have someone else on the same system opening new windows while the user is sitting there.

Greetings,

I know this is an older thread, but from the perspective of testing, sometimes it is helpful to open two instances of Internet Explorer with two different sets of credentials.

In such a situation, you can use one of the (in)famous "Undocumented Features" from Internet Explorer:

1. Open Internet Explorer.
2. Navigate to the site to be tested and log in under first set of credentials.
3. Open the "Run" dialog box. (Either "Win+R" or just the "Search for programs & files" at the bottom of the Win7 Start Menu)
4. In the dialog, type "iexplore /separate" and hit "Enter"
5. Navigate the new IE window to the site to be tested and log in under the second set of credentials.

What the "/separate" flag does for IE is open a new instance in a new memory space. The second window will know nothing of the state/session/cookies of the first window, and vice versa.

HTH.