Im sorry if this sounds really silly (here goes),
when a user logs out of web site, and they are directed to the "You have now logged out, thankyou for using the site" page, how does the
application know to invalidate the authentication stuff that was entered by the user when they logged in, ie if the user logs out and leaves the
computer is it possible that another user on the same computer can view the earlier users info by pressing the "back" button, Or is the solution to invalidate the the controller session bean.
Or just as there is a special notion of a Login page that u can specify in the web.xml deployment descriptor, that the app knoiws it must go to to for authentication purposes, is there one for Logging Off/out you can specify. Thankyou 4 your time