• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session.invalidate() is not working on Tomcat7.0

 
Greenhorn
Posts: 19
Eclipse IDE Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
session.invalidate() is not working on Tomcat7.0 server I am getting the same session number after the invalidation also, and also after logout the back button is also working taking the page to authenticated page, help me in these two issue.

Here is my logout.jsp
<%System.out.print("user is:"+session.getId());

response.setHeader("Cache-Control","no-store");
response.setHeader("Pragma","no-cache");

response.setDateHeader("Expires",0);
request.getSession().invalidate();
System.out.print("user is:"+session.getId());
response.sendRedirect("Home.jsp");

%>

 
Sheriff
Posts: 7135
1360
IntelliJ IDE jQuery Eclipse IDE Postgres Database Tomcat Server Chrome Google App Engine
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Move this off to a servlet and you will no longer see the 'problem'- which there actually isn't any. JSP is NOT the place to put Java codes.
 
vikas gunti
Greenhorn
Posts: 19
Eclipse IDE Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Devaka ,

I wrote the same code in a servlet and I called it from the html page ,now the session is expiring but after logout the back button is working , when I pressed it is going in the authenticated page , and it is creating a new session by it self ,now my question is how to restrict the back button working , help me in this issue.
 
Devaka Cooray
Sheriff
Posts: 7135
1360
IntelliJ IDE jQuery Eclipse IDE Postgres Database Tomcat Server Chrome Google App Engine
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

vikas gunti wrote:I wrote the same code in a servlet


Make sure your application uses proper components for proper reasons. Your HTML (or JSP) form should do nothing but sending a post (or get) request to your application. Your servlet should be the once taking your request, and doing the necessary validation/redirection/dispatch stuff. If you have some business to do, like accessing a database or processing something with the request, make another set of classes as appropriate, and have your servlet call those classes as you need. Finally, if you need to send something to the user's screen, use a JSP, which is what your Hello.jsp is for, I guess. In that JSP, it should contain nothing but only what it takes to show the content. No scriptlets (the <% %> tags) ever!

You have set the cache controls correctly, but it looks like you are setting them on the logout action, which doesn't make sense. Instead, set them on pages that you don't need to cache - the authenticated pages.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic