[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 186
  • Last Modified:

Session doesn't get invalid, Can go back and requery the database

Hi,

I have an application, using Oracle UIX. I use Basic Login Authentication. when the user hits the datapage, the browser display a browser logon, user and password. However, after this step, user is logged on, even if you close and reopen the browser, still you can access and query  the page without logon. I tried to use session.invalidate, but still didn't work (although I can see a println message that confirms that this part has been run. I can send the user back to a jsp page, but I want to make sure that all the user id and password are deleted, so the browser will be forced to pop up the login dialogue again on next request to open. I would appreciate your help and assistance.

Using OC4J 10g

Tha
0
utee
Asked:
utee
1 Solution
 
aaaaaaCommented:
in top of each page, u need to add this
if (session.getAttribute("ur attribute here") == null){
  response.sendRedirect("login.jsp");
}
0
 
bloodredsunCommented:
Check that the page is not being cached. You shouldn't need to add the above code as Tomcat should be able to do it all for you, I'd advise you to check your configuration.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now