I've set a session in login.java using
HttpSession session=request.getSession(true);
session.setAttribute("eml",email) ;

but in the logout.jsp, when i am invalidating the session it's showing an error!!!
Where am i going wrong??
My Code goes like this::



<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title> Faculty Log In: Fast Learn</title>
<style type="text/css">
a {text-decoration:none; color:#FFFFFF}
</style>
</head>
<body background="logbck.png"><div style=" width:100%; height:720"><center><div align="left" style="background-image:url(1.jpg); width:797px; height:132px">

</div></center><br />
<div style="font-family:Papyrus, Parchment, 'Palace Script MT'; font-size:20px; font-weight:bold; color:#FFFFFF"><a href="index.jsp">Back to HomePage</a></div>
<%
request.getSession().invalidate();
request.getSession(false);
%>
<font face=papyrus color="#ffffff" ><h1>
Thank You! You've Been Successfully Logged Out.</h1></font>
<hr />
<%
if(session.getAttribute("eml").equals("")){
out.println("<font face=papyrus color=#ffffff size=+1>You are Not Logged In!</font>");
}
%>
<div style="margin-left:15%; margin-right:15%; margin-top:auto; background-image:url(log2.png); width:960; height:720; ">
<br /><br /><br /><br /><br>
<div style="margin-left:15%; margin-top:5%; width:auto; height:auto; border:thin; border:#FFFFFF">
<font face=papyrus color="#000000" ><h1>Please Login::<br></h1></font>
<form action="./login" method="POST">
<font face=papyrus color="#000000" size=6>
Enter Your Email:   <input type="text" name="fclognm" size="35"/><br />
<br />Enter Your Password:   <input type="password" name="fcpwd" size="30" /><br /><br />
Select User Type:   <select name="fcuser">
<option value="admin">Administrator</option>
<option value="fac">Faculty</option>
<option value="stud">Student</option></select><br />
                                  
<input type="submit" value="Log Me in" /></font></form>
<br><br><font face=papyrus color=#000000 size=5>                  
If not registered, <a href="facultyregn.html">Click Here!</a>
</font>
</div><br><br><br><br><br><br>
</div> ©2010 Fast Learn
</body>

</html>

Note:: I cant able to attach my file, so i've to paste the code here, I am Sorry for the inconvenience.

Pasting code is the preferred method. Attachments are a pain. But please be sure to use CODE tags (see UseCodeTags).

In any case, you should not be putting Java code into a JSP. That is a poor practice that has been discredited for almost a decade now. Refactor out the logoff code into a servlet and then we can take things from there is you are still having difficulties.

well, ok. i will code it in a servlet and then if there's any problem, i will get back here.
bt why is that it discouraged to use java code in jsp.
scriptlet tags are for that purpose only, na?

Rituparna Duttagupta wrote:well, ok. i will code it in a servlet and then if there's any problem, i will get back here.
bt why is that it discouraged to use java code in jsp.
scriptlet tags are for that purpose only, na?

Back when JSPs came out, yes. Since then, people created monsters of spaghetti in the JSP. Model/view/controller (MVC) reinforced the best practice that JSPs should only be used for display. And today JSTL/EL make this easy.

As Jeanne said, prior to 2002, scriptlets were the means to code JSPs. Since then, it's the JSTL and EL.

hello Bibeault,
I am back again with the same problem, i have put the logOut code in logOut.java file..
package fiveStar; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.*; import javax.servlet.http.*; /** * * @author RITU */ public class logOut extends HttpServlet { /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); try { HttpSession session= request.getSession(false); if(session!=null){ session.removeAttribute("user"); session.removeAttribute("eml"); session.removeAttribute("url"); session.invalidate(); } response.sendRedirect("index.jsp"); } finally { out.close(); } } }
my logIn.java file goes like this...
package fiveStar; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.*; import javax.servlet.http.*; /** * * @author RITU */ public class logIn extends HttpServlet { /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String type=request.getParameter("logAs"); String id=request.getParameter("logId"); String p=request.getParameter("pwd"); try { Context c = new InitialContext(); loginLocal l = (loginLocal) c.lookup("java:global/OnlineHotelManagement/OnlineHotelManagement-ejb/login!pack.loginLocal"); if(l.logMe(id, p)){ if(type.equals("Administrator")){ RequestDispatcher rd=request.getRequestDispatcher("Admnstr.jsp"); request.getSession(true); session.setAttribute("user", type); session.setAttribute("url","Admnstr.jsp" ); rd.forward(request, response); } else if(type.equals("booker")){ RequestDispatcher rd=request.getRequestDispatcher("Booking.jsp"); request.getSession(true); session.setAttribute("user", type); session.setAttribute("url","Booking.jsp" ); rd.forward(request, response); } else{ RequestDispatcher rd=request.getRequestDispatcher("Error.html"); rd.forward(request, response); } } } catch (NamingException ne) { Logger.getLogger(getClass().getName()).log(Level.SEVERE, "exception caught", ne); throw new RuntimeException(ne); } } }

both the files are working, that means i can log in, enter the user page, and after logging out i get redirected to index.jsp. upto this everything is working.
But, then when i am clicking on the Back button on the browser, i get back to the previous page, from where i'd been looged out.
how can i stop the browser to get back to the previous page?
I mean, once logged out, the user should by no means go back to her page without re-logging, not even by clicking on the back button of the browser.
Isn't that possible?
If no, then why is it not possible? if it's possible, how can i make this happen for my code?

thanks in advance..

make a session variable on user login and use it on each page ...

check for the session variable every time user visits a page ...

dissolve the session variable once the user logs out

hope this will work for you ... it worked for me

yeah, on every user page i've used that session.getAttribute("user") and displayed it. But how to check the session?
i've dissolved the session in logOut.java by session.invalidate(); and also made the session.getSession(false).
but that's not enough it seems.
i must perform that session check, i think, but how? i don't know the process.

can anyone help, please?
thanks in advance...

hey Lalit,
do want to say that i must dissolve the session in the user page??
but how can i do that?

on the logout page ... i mean when the user logs out remove that session variable
and then when the user visits any other page i.e. after he logs out, check to see if that variable is there and then only allow him to visit the page he is reffering to