Hi Friends
I want to implement session logout. that is if user's session is invalidated then he should not be able to access it.I have implemented like this
login.jsp
-------------
<form action=home.jlc>
<table>
<tr>
<td>UserName</td>
<td><input type="text" name="uname"></td>
</tr>
<tr><td>Password</td>
<td><input type="password" name="pwd">
</tr>
<tr><td colspan="2" align="center">
<input type="submit" value="login"/>
</table>
</form>
Home.java
-------------------
public class Home extends HttpServlet {
public void service(HttpServletRequest req,HttpServletResponse res)
throws ServletException,IOException{
HttpSession ses=req.getSession();
String un=req.getParameter("uname");
String pw=req.getParameter("pwd");
if(un.equals(pw)){
ses.setAttribute("USERNAME", un);
res.sendRedirect("home.jsp");
}
else{
RequestDispatcher rd1=req.getRequestDispatcher("/login.jsp");
rd1.forward(req, res);
PrintWriter out=res.getWriter();
out.println("Invalid username and password");
}
}
}
Home.jsp
-----------------
<form action="logout.jlc">
<table>
<% Object obj=session.getAttribute("USERNAME");
String str=obj.toString();
System.out.println(str);
out.println("<h1> Hi "+str+"</h1>");
%>
<tr>
<td><input type="submit" value="logout"/></td>
</tr>
</table></form>
Logout.java
-------------------
public class Logout extends HttpServlet {
public void service(HttpServletRequest req,HttpServletResponse res)
throws ServletException,IOException{
HttpSession ses=req.getSession();
Object obj=ses.getAttribute("USERNAME");
String str=obj.toString();
ses.removeAttribute("USERNAME");
ses.invalidate();
res.sendRedirect("logout.jsp");
}
}
logout.jsp
------------------
<center>
<%if(request.getSession()==null){
response.sendRedirect("logout.jsp");
}
%>
<h1>you have logged out</h1>
The problem is when i logout using logout button, session is invalidated but when i click on back page it goes back on the same page.How to prevent it from accessing if someone has already logged out.