Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Session.invalidate() is not working on Tomcat7.0  RSS feed

 
vikas gunti
Greenhorn
Posts: 19
Eclipse IDE Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
session.invalidate() is not working on Tomcat7.0 server I am getting the same session number after the invalidation also, and also after logout the back button is also working taking the page to authenticated page, help me in these two issue.

Here is my logout.jsp
<%System.out.print("user is:"+session.getId());

response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");

response.setDateHeader("Expires",0);
request.getSession().invalidate();
System.out.print("user is:"+session.getId());
response.sendRedirect("Home.jsp");

%>

 
Devaka Cooray
Marshal
Posts: 5323
575
Chrome Eclipse IDE Google App Engine IntelliJ IDE jQuery Postgres Database Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Move this off to a servlet and you will no longer see the 'problem'- which there actually isn't any. JSP is NOT the place to put Java codes.
 
vikas gunti
Greenhorn
Posts: 19
Eclipse IDE Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Devaka ,

I wrote the same code in a servlet and I called it from the html page ,now the session is expiring but after logout the back button is working , when I pressed it is going in the authenticated page , and it is creating a new session by it self ,now my question is how to restrict the back button working , help me in this issue.
 
Devaka Cooray
Marshal
Posts: 5323
575
Chrome Eclipse IDE Google App Engine IntelliJ IDE jQuery Postgres Database Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
vikas gunti wrote:I wrote the same code in a servlet

Make sure your application uses proper components for proper reasons. Your HTML (or JSP) form should do nothing but sending a post (or get) request to your application. Your servlet should be the once taking your request, and doing the necessary validation/redirection/dispatch stuff. If you have some business to do, like accessing a database or processing something with the request, make another set of classes as appropriate, and have your servlet call those classes as you need. Finally, if you need to send something to the user's screen, use a JSP, which is what your Hello.jsp is for, I guess. In that JSP, it should contain nothing but only what it takes to show the content. No scriptlets (the <% %> tags) ever!

You have set the cache controls correctly, but it looks like you are setting them on the logout action, which doesn't make sense. Instead, set them on pages that you don't need to cache - the authenticated pages.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!