Session doesn't get invalid, Can go back and requery the database

Hi,

I have an application, using Oracle UIX. I use Basic Login Authentication. when the user hits the datapage, the browser display a browser logon, user and password. However, after this step, user is logged on, even if you close and reopen the browser, still you can access and query  the page without logon. I tried to use session.invalidate, but still didn't work (although I can see a println message that confirms that this part has been run. I can send the user back to a jsp page, but I want to make sure that all the user id and password are deleted, so the browser will be forced to pop up the login dialogue again on next request to open. I would appreciate your help and assistance.

Using OC4J 10g

Tha
uteeAsked:
Who is Participating?
 
bloodredsunConnect With a Mentor Commented:
Check that the page is not being cached. You shouldn't need to add the above code as Tomcat should be able to do it all for you, I'd advise you to check your configuration.
0
 
aaaaaaCommented:
in top of each page, u need to add this
if (session.getAttribute("ur attribute here") == null){
  response.sendRedirect("login.jsp");
}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.