Kiranmayee
asked on
session invalidate
I am having problem invalidating session.
1. my application has login page after successful login it goes to the menu page.
2. menu page has 3 buttons which will take to different html pages / servlets. menu page also has a exit button to come out of the application.
i tried to use the session.invalidate() but that isn't working. On cliking "exit" bitton directs to the X servlet. I used following code inside the X servlet
HttpSession session = request.getSession();
session.invalidate();
response.sendRedirect("http://----");
Can anybody help me?
Thanks
1. my application has login page after successful login it goes to the menu page.
2. menu page has 3 buttons which will take to different html pages / servlets. menu page also has a exit button to come out of the application.
i tried to use the session.invalidate() but that isn't working. On cliking "exit" bitton directs to the X servlet. I used following code inside the X servlet
HttpSession session = request.getSession();
session.invalidate();
response.sendRedirect("http://----");
Can anybody help me?
Thanks
ASKER
I have a exit button on a menu page on clicking it I use the session.invalidate( ) method and then redirect them to the logon page. If I click the "exit" button in the menu page the menu page correctly re-directs me to the logOn page.
i tried using
if (session != null)
session.invalidate();
response.redirect("logonpa ge");
However if I use the browsers back button and click refresh the menu page does not re-direct me to the logon page. Shouldn't the session.invalidate( ) method clear the attributes in the session?
i tried using
if (session != null)
session.invalidate();
response.redirect("logonpa
However if I use the browsers back button and click refresh the menu page does not re-direct me to the logon page. Shouldn't the session.invalidate( ) method clear the attributes in the session?
> Shouldn't the session.invalidate( ) method clear the attributes in the session?
it should.
please show us the code on the menu page which checks for valid session.
it should.
please show us the code on the menu page which checks for valid session.
ASKER
mainmenu
<table align="center">
<form name="logon" method = "post" action="http://-----/-/--/LogoutServlet">
<input TYPE="submit" STYLE= "Width:170px;Height:30px" VALUE="EXIT" tabindex="1">
</form>
</table>
LogoutServlet
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class LogoutServlet extends HttpServlet
{
public void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
{
HttpSession session = request.getSession();
if(session != null)
{
session.invalidate();
response.sendRedirect("http://-----/---/--/--/logon.htm");
}
}
}
<table align="center">
<form name="logon" method = "post" action="http://-----/-/--/LogoutServlet">
<input TYPE="submit" STYLE= "Width:170px;Height:30px" VALUE="EXIT" tabindex="1">
</form>
</table>
LogoutServlet
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class LogoutServlet extends HttpServlet
{
public void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
{
HttpSession session = request.getSession();
if(session != null)
{
session.invalidate();
response.sendRedirect("http://-----/---/--/--/logon.htm");
}
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i checked for the validity in the mainmenu page
<%
if (session.getAttribute("<so meVariable YouSet>") == null) {
response.sendRedirect("http://.../logon.htm");
return;
}
else
{
%>
<html>
|
|
<table align="center">
<form name="logon" method = "post" action="http://-----/- /--/LogoutServlet">
<input TYPE="submit" STYLE= "Width:170px;Height:30px" VALUE="EXIT" tabindex="1">
</form>
</table>
<% } %>
Inspite of this when i use the browser back button after clicking "exit" it takes me to the mainmenu not the login page.
<%
if (session.getAttribute("<so
response.sendRedirect("http://.../logon.htm");
return;
}
else
{
%>
<html>
|
|
<table align="center">
<form name="logon" method = "post" action="http://-----/- /--/LogoutServlet">
<input TYPE="submit" STYLE= "Width:170px;Height:30px" VALUE="EXIT" tabindex="1">
</form>
</table>
<% } %>
Inspite of this when i use the browser back button after clicking "exit" it takes me to the mainmenu not the login page.
> Inspite of this when i use the browser back button after clicking "exit" it takes me to the mainmenu not the login page.
even if you refresh the page?
even if you refresh the page?
Hi Kiran,
Can you redirect succesfully if you do not invalidate the session?
Can you redirect succesfully if you do not invalidate the session?
ASKER
Erwin,
I can redirect successfully if don't invalidate session.
bobbit31
1. i successfully login from login.html
2. now i am on mainmenu page . it has 2 buttons. i click on the "exit" button.
3. i am on the login page.
4. click the browser back button .
5. Refresh the page. it takes to the mainmenu page.
I can access both the buttons on the mainmenu page.
a. button1 directs to page1.html(page1.html has a button to direct to mainmenu page). now when i try to access this page it says session expired and directs me to the login page
I can redirect successfully if don't invalidate session.
bobbit31
1. i successfully login from login.html
2. now i am on mainmenu page . it has 2 buttons. i click on the "exit" button.
3. i am on the login page.
4. click the browser back button .
5. Refresh the page. it takes to the mainmenu page.
I can access both the buttons on the mainmenu page.
a. button1 directs to page1.html(page1.html has a button to direct to mainmenu page). now when i try to access this page it says session expired and directs me to the login page
when you login, do you do:
session.setAttribute("<som eVariableY ouSet>", <some object>);
session.setAttribute("<som
ASKER
yes i used setAttribute() at login. I also tried to use session.removeAttribute(<v ariableISe t>) in the logoutservlet.
> 4. click the browser back button
what page are you now on? mainmenu?
what page are you now on? mainmenu?
ASKER
i am on the mainmenu page. it displays message
"Warning: Page has Expired
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
To resubmit your information and view this Web page, click the Refresh button. ".
i click on the refresh button and mainmenu page is displayed.
"Warning: Page has Expired
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
To resubmit your information and view this Web page, click the Refresh button. ".
i click on the refresh button and mainmenu page is displayed.
Kiran,
Have you tried to
1) removeAttribute("userid") and removeAttribute("oldpasswo rd")
2) then redirect
without invalidating the session.
Also, you may want to check if session invalidation is the way to go at all - I am not completely sure but I think it was deprecated or no logner supported?
Have you tried to
1) removeAttribute("userid") and removeAttribute("oldpasswo
2) then redirect
without invalidating the session.
Also, you may want to check if session invalidation is the way to go at all - I am not completely sure but I think it was deprecated or no logner supported?
ASKER
Hi Erwin,
I used removeAttribute() too. when i press the browser's back button, the page is displayed from the browser's cache. So i am now using the following code in those pages which i don't want to be cached.
response.setDateHeader("Ex pires",0);
response.setHeader("Pragma ","No-cach e");
This code works...but is giving me some problem. i am working on that.
Thanks
I used removeAttribute() too. when i press the browser's back button, the page is displayed from the browser's cache. So i am now using the following code in those pages which i don't want to be cached.
response.setDateHeader("Ex
response.setHeader("Pragma
This code works...but is giving me some problem. i am working on that.
Thanks
ASKER
response.setHeader("Cache- Control"," no-cache") ;
response.setDateHeader("Ex pires",0);
response.setHeader("Pragma ","No-cach e"); .
This code works on few pages. But when i login and exit immediatly, i can access application by clicking browser's back button and refreshing the screen.
response.setDateHeader("Ex
response.setHeader("Pragma
This code works on few pages. But when i login and exit immediatly, i can access application by clicking browser's back button and refreshing the screen.
ASKER
Sorry for the delay.
Thanks
Thanks
you also might want to do this:
if (session != null)
session.invalidate();
response.sendRedirect("http://...