This site is currently read-only as we are migrating to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 31st, when you will be able to use this site as normal.

    Forum Stats

  • 3,890,899 Users
  • 2,269,649 Discussions
  • 7,916,821 Comments

Discussions

Session does not work

988497
988497 Member Posts: 1
Previous page can be seen even after user logs out from the JSP page.
My code is:

Logout.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<html>
<head>

<title>JSP Page</title>

</head>
<body>

<%

session.removeAttribute("username");
session.removeAttribute("password");
session.invalidate();
%>
<% response.setHeader("Cache-Control","no-cache");%>
<h1>Logout was done successfully.</h1>

</body>

</html>



how to resolve this?

Answers

  • r035198x
    r035198x Member Posts: 2,499
    Typically you would configure a filter that sends the user to the login page if they are not logged in (or have been logged out) .
    So when the user logs in, add their user name to the session as an attribute. When they log out remove the userName attribute from the session.
    Then all the filter does is check if userName attribute is set. If it is not set it redirects to the login page.
  • Murray9654
    Murray9654 Mr Muralidhar Yaragalla Ponnur, Andhra Pradesh, IndiaMember Posts: 486
    edited Feb 6, 2013 5:14PM
    Coming to your code you have requested the browser not to cache the logout page but the previous pages are cached so when u hit the previous button on the browser it will display the previous page which is cached. you have to write this
     <% response.setHeader("Cache-Control","no-cache");%> 
    in every jsp page if none of the jsp page should be cached. if you are making a fresh request for the previous jsp page after logging out still it displays the page with no personal content, I mean the stuff that you are retrieving from the session. it is because you have destroyed the session by linvalidating it. The other content which does not relate to session will still be displayed.

    If none of the page should be displayed after logging out even though you request use filters to divert all the requests to a login page if they are not logged in. hope this helps.

    Edited by: EJP on 7/02/2013 09:13: cashed -> cached
This discussion has been closed.