 |  |  |  |  |  |  |  |
logout problem
Please support our JSP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
hi,
i'm trying to build a web page which permits the user to login before accessing the contents of the site. the login works fine (i did it using jsp), but i am not able to logout properly, that is, when i click on a "logout" hyperlink, it sends me to the proper page, but when i do "back" on my explorer, it gives me the previous page again. so my logout is pointless.
can anyone tell me how to prevent this from happening please?i don't know if i should use jsp, javascript or html to do this.
i need this urgently for my project.
thanks for replying as quickly as possible.
i'm trying to build a web page which permits the user to login before accessing the contents of the site. the login works fine (i did it using jsp), but i am not able to logout properly, that is, when i click on a "logout" hyperlink, it sends me to the proper page, but when i do "back" on my explorer, it gives me the previous page again. so my logout is pointless.
can anyone tell me how to prevent this from happening please?i don't know if i should use jsp, javascript or html to do this.
i need this urgently for my project.
thanks for replying as quickly as possible.
•
•
Join Date: Feb 2006
Posts: 2,277
Reputation: 
Solved Threads: 242
I assume your login assigns a session. If so, than on logout do
session.invalidate() Pushing back on the browser may still show the
site but it should only be a version of the site in the cache. If the user
tries to actually submit anything, or reload the site, it should not work.
session.invalidate() Pushing back on the browser may still show the
site but it should only be a version of the site in the cache. If the user
tries to actually submit anything, or reload the site, it should not work.
Java Programmer and Sun Systems Administrator
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
•
•
•
•
Originally Posted by masijade
I assume your login assigns a session. If so, than on logout do
session.invalidate() Pushing back on the browser may still show the
site but it should only be a version of the site in the cache. If the user
tries to actually submit anything, or reload the site, it should not work.
is session secure?if you have a working piece of code using session can you send me please?i need this urgently for my project. thanks for your help!
•
•
Join Date: Feb 2006
Posts: 2,277
Reputation:
Solved Threads: 242
on the login page, you create a session as follows:
this will create a session if none exists.
During the rest of the users activities, all other pages should use the
following:
This will return null if there is no valid session. So check for this.
If anything happens (i.e. the login fails or you go to the logout page),
do the following:
This will invalidate the session so that further getSession calls using false
return null.
This is the basic session process/life cycle.
The login itself, you can still do yourself, and if it fails, just invalidate
the session, as mentioned above. If it succeeds, then continue with the
site, and on the logout page, invalidate the session again.
JSP Syntax (Toggle Plain Text)
this will create a session if none exists.
During the rest of the users activities, all other pages should use the
following:
JSP Syntax (Toggle Plain Text)
This will return null if there is no valid session. So check for this.
If anything happens (i.e. the login fails or you go to the logout page),
do the following:
JSP Syntax (Toggle Plain Text)
This will invalidate the session so that further getSession calls using false
return null.
This is the basic session process/life cycle.
The login itself, you can still do yourself, and if it fails, just invalidate
the session, as mentioned above. If it succeeds, then continue with the
site, and on the logout page, invalidate the session again.
Java Programmer and Sun Systems Administrator
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
•
•
•
•
Originally Posted by masijade
on the login page, you create a session as follows:
JSP Syntax (Toggle Plain Text)
this will create a session if none exists.
During the rest of the users activities, all other pages should use the
following:
JSP Syntax (Toggle Plain Text)
This will return null if there is no valid session. So check for this.
If anything happens (i.e. the login fails or you go to the logout page),
do the following:
JSP Syntax (Toggle Plain Text)
This will invalidate the session so that further getSession calls using false
return null.
This is the basic session process/life cycle.
The login itself, you can still do yourself, and if it fails, just invalidate
the session, as mentioned above. If it succeeds, then continue with the
site, and on the logout page, invalidate the session again.
i just have to put it between <% %> at the start of the page right? well its giving me the error: duplicate session variable. am very new to jsp, sorry if i seem a bit dumb
First you check for the User name and password submitted from the login page , after validating the values submitted by the user , set a flag if the user is valid (successful login)
Like session.setAttribute("flag","true");
then put a condition down to forward the page .
your logout button should take you to the page where session.invalidate(); get called
now your logout function should happen
l
Like session.setAttribute("flag","true");
then put a condition down to forward the page .
your logout button should take you to the page where session.invalidate(); get called
now your logout function should happen
l
Hi to all. I have tried the code:
session.invalidate();
But still i am able to archive my solution.
When i click back button. Its still going to the previous page.
Plz any one can help me on this.
Advance thanks.
session.invalidate();
But still i am able to archive my solution.
When i click back button. Its still going to the previous page.
Plz any one can help me on this.
Advance thanks.
•
•
Join Date: Feb 2006
Posts: 2,277
Reputation:
Solved Threads: 242
Have you tried "reloading" that page, or is it simply a static version cached by the browser?
If you are able to "reload" the page, then I am willing to bet that you are using getSession(true) to retrieve the session (in which case you are creating a new session if one does not already exist).
The static, cached page you can't really do anything about (from the server). You can set response headers and pragmas (Google no-cache and expires) to try and prevent it, but the browser does not have to follow these. Or you can use some JavaScript to play with the history, but the browser may have this deactivated.
If you are able to "reload" the page, then I am willing to bet that you are using getSession(true) to retrieve the session (in which case you are creating a new session if one does not already exist).
The static, cached page you can't really do anything about (from the server). You can set response headers and pragmas (Google no-cache and expires) to try and prevent it, but the browser does not have to follow these. Or you can use some JavaScript to play with the history, but the browser may have this deactivated.
Last edited by masijade; Dec 12th, 2007 at 3:47 am. Reason: typo (and probably still more left over)
Java Programmer and Sun Systems Administrator
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
----------------------------------------------
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
|
Similar Threads
- Knoppix for Newbies! (Getting Started and Choosing a Distro)
- How I can deactivate backward option in jsp web pagewhen I logout as a user (JSP)
- logout problem after sessionivalidate (JSP)
Other Threads in the JSP Forum
- Previous Thread: how to move to another column with increasing rows
- Next Thread: another session problem
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest JSP Posts
- Today's Posts
- Unanswered Threads
apache backbutton combobox connection database development directorystructure dynamicpagetitles eclipse frames glassfish imagetodatabse imageupload internet java javaee javascript jsf jsp jsppagetitles levels mvc2 mvcmodel2 network parameters passing ping printinserverinsteadofclient redirect request.getparameter response servlet servletdopost()readxml sessions software ssl state_saving_method stocks sun tomcat tutorial video web