• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Implementing Http session

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Friends
I want to implement session logout. that is if user's session is invalidated then he should not be able to access it.I have implemented like this
login.jsp
-------------
<form action=home.jlc>
<table>
<tr>
<td>UserName</td>
<td><input type="text" name="uname"></td>
</tr>
<tr><td>Password</td>
<td><input type="password" name="pwd">
</tr>
<tr><td colspan="2" align="center">
<input type="submit" value="login"/>
</table>
</form>

Home.java
-------------------
public class Home extends HttpServlet {
public void service(HttpServletRequest req,HttpServletResponse res)
throws ServletException,IOException{
HttpSession ses=req.getSession();
String un=req.getParameter("uname");
String pw=req.getParameter("pwd");
if(un.equals(pw)){
ses.setAttribute("USERNAME", un);
res.sendRedirect("home.jsp");
}
else{
RequestDispatcher rd1=req.getRequestDispatcher("/login.jsp");
rd1.forward(req, res);
PrintWriter out=res.getWriter();
out.println("Invalid username and password");
}
}
}

Home.jsp
-----------------
<form action="logout.jlc">
<table>
<% Object obj=session.getAttribute("USERNAME");
String str=obj.toString();
System.out.println(str);
out.println("<h1> Hi "+str+"</h1>");
%>
<tr>
<td><input type="submit" value="logout"/></td>
</tr>
</table></form>

Logout.java
-------------------
public class Logout extends HttpServlet {
public void service(HttpServletRequest req,HttpServletResponse res)
throws ServletException,IOException{
HttpSession ses=req.getSession();
Object obj=ses.getAttribute("USERNAME");
String str=obj.toString();
ses.removeAttribute("USERNAME");

ses.invalidate();
res.sendRedirect("logout.jsp");
}
}
logout.jsp
------------------
<center>
<%if(request.getSession()==null){
response.sendRedirect("logout.jsp");
}
%>
<h1>you have logged out</h1>


The problem is when i logout using logout button, session is invalidated but when i click on back page it goes back on the same page.How to prevent it from accessing if someone has already logged out.
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It looks like the page is being cached by the browser. You can set headers to suggest to the browser not to cache the page. Try http header do not cache
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic