943,985 Members | Top Members by Rank

Web Development > JSP > logout problem
Ad:
  • JSP Discussion Thread
  • Unsolved
  • Views: 13638
  • JSP RSS
Permalink
Jun 5th, 2006
0

logout problem

Expand Post »
hi,
i'm trying to build a web page which permits the user to login before accessing the contents of the site. the login works fine (i did it using jsp), but i am not able to logout properly, that is, when i click on a "logout" hyperlink, it sends me to the proper page, but when i do "back" on my explorer, it gives me the previous page again. so my logout is pointless.

can anyone tell me how to prevent this from happening please?i don't know if i should use jsp, javascript or html to do this.
i need this urgently for my project.
thanks for replying as quickly as possible.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sandy183 is offline Offline
9 posts
since Mar 2006
Permalink
Jun 6th, 2006
0

Re: logout problem

I assume your login assigns a session. If so, than on logout do
session.invalidate() Pushing back on the browser may still show the
site but it should only be a version of the site in the cache. If the user
tries to actually submit anything, or reload the site, it should not work.
Moderator
Reputation Points: 1471
Solved Threads: 490
Industrious Poster
masijade is offline Offline
4,043 posts
since Feb 2006
Permalink
Jun 6th, 2006
0

Re: logout problem

Quote originally posted by masijade ...
I assume your login assigns a session. If so, than on logout do
session.invalidate() Pushing back on the browser may still show the
site but it should only be a version of the site in the cache. If the user
tries to actually submit anything, or reload the site, it should not work.
actually i didn't use session, i did the login using pure java code by matching the username and password from the database, then just put it in the jsp code in my web page.
is session secure?if you have a working piece of code using session can you send me please?i need this urgently for my project. thanks for your help!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sandy183 is offline Offline
9 posts
since Mar 2006
Permalink
Jun 6th, 2006
0

Re: logout problem

on the login page, you create a session as follows:

JSP Syntax (Toggle Plain Text)
  1. HttpSession session = request.getSession(true);

this will create a session if none exists.

During the rest of the users activities, all other pages should use the
following:

JSP Syntax (Toggle Plain Text)
  1. HttpSession session = request.getSession(false);

This will return null if there is no valid session. So check for this.

If anything happens (i.e. the login fails or you go to the logout page),
do the following:

JSP Syntax (Toggle Plain Text)
  1. session.invalidate();

This will invalidate the session so that further getSession calls using false
return null.

This is the basic session process/life cycle.

The login itself, you can still do yourself, and if it fails, just invalidate
the session, as mentioned above. If it succeeds, then continue with the
site, and on the logout page, invalidate the session again.
Moderator
Reputation Points: 1471
Solved Threads: 490
Industrious Poster
masijade is offline Offline
4,043 posts
since Feb 2006
Permalink
Jun 6th, 2006
0

Re: logout problem

Quote originally posted by masijade ...
on the login page, you create a session as follows:

JSP Syntax (Toggle Plain Text)
  1. HttpSession session = request.getSession(true);

this will create a session if none exists.

During the rest of the users activities, all other pages should use the
following:

JSP Syntax (Toggle Plain Text)
  1. HttpSession session = request.getSession(false);

This will return null if there is no valid session. So check for this.

If anything happens (i.e. the login fails or you go to the logout page),
do the following:

JSP Syntax (Toggle Plain Text)
  1. session.invalidate();

This will invalidate the session so that further getSession calls using false
return null.

This is the basic session process/life cycle.

The login itself, you can still do yourself, and if it fails, just invalidate
the session, as mentioned above. If it succeeds, then continue with the
site, and on the logout page, invalidate the session again.
i tried using the HttpSession session = request.getSession(true);
i just have to put it between <% %> at the start of the page right? well its giving me the error: duplicate session variable. am very new to jsp, sorry if i seem a bit dumb
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sandy183 is offline Offline
9 posts
since Mar 2006
Permalink
Aug 10th, 2006
0

Re: logout problem

First you check for the User name and password submitted from the login page , after validating the values submitted by the user , set a flag if the user is valid (successful login)
Like session.setAttribute("flag","true");
then put a condition down to forward the page .
your logout button should take you to the page where session.invalidate(); get called
now your logout function should happen

l
Reputation Points: 10
Solved Threads: 0
Newbie Poster
skoiloth is offline Offline
8 posts
since Oct 2005
Permalink
Dec 12th, 2007
0

Re: logout problem

Hi to all. I have tried the code:

session.invalidate();

But still i am able to archive my solution.
When i click back button. Its still going to the previous page.

Plz any one can help me on this.
Advance thanks.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
shajidbasha is offline Offline
2 posts
since Dec 2007
Permalink
Dec 12th, 2007
0

Re: logout problem

Have you tried "reloading" that page, or is it simply a static version cached by the browser?

If you are able to "reload" the page, then I am willing to bet that you are using getSession(true) to retrieve the session (in which case you are creating a new session if one does not already exist).

The static, cached page you can't really do anything about (from the server). You can set response headers and pragmas (Google no-cache and expires) to try and prevent it, but the browser does not have to follow these. Or you can use some JavaScript to play with the history, but the browser may have this deactivated.
Last edited by masijade; Dec 12th, 2007 at 3:47 am. Reason: typo (and probably still more left over)
Moderator
Reputation Points: 1471
Solved Threads: 490
Industrious Poster
masijade is offline Offline
4,043 posts
since Feb 2006
Permalink
Dec 12th, 2007
0

Re: logout problem

Hi Masijade thanks for your reply. I am using only an static page. I want to use only userName and password fields only as you can see some mailling websites. How can i get that? Plz can you help me.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
shajidbasha is offline Offline
2 posts
since Dec 2007

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in JSP Forum Timeline: how to move to another column with increasing rows
Next Thread in JSP Forum Timeline: another session problem





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC