Removed session but Browser can still display the page
Hi, I have a problem with using HttpSession class. When the user login, I create a new session by request.getSession(true). When the user logout, the session is removed by session.invalidate(). In doing this, when the user is trying to go back to the previous page without login, the browser should not show the page because the servlet knows that the session for this user has already been invalidated. My problem is that In JBuilder, the code works as expected. But in Tomcat, it always failed. The browser can display the previous page when I use Back button in the toolbar, or when I type in the URL for the pages that should be displayed only after the user login. Can anybody help me? Thanks in advance. Kelly - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removed session but Browser can still display the page
When a client pushes the browsers 'back' button, this page is often read from cache... adding the following line to the HTML head might help: META HTTP-EQUIV=Pragma CONTENT=no-cache gr, Peter [EMAIL PROTECTED] wrote: Hi, I have a problem with using HttpSession class. When the user login, I create a new session by request.getSession(true). When the user logout, the session is removed by session.invalidate(). In doing this, when the user is trying to go back to the previous page without login, the browser should not show the page because the servlet knows that the session for this user has already been invalidated. My problem is that In JBuilder, the code works as expected. But in Tomcat, it always failed. The browser can display the previous page when I use Back button in the toolbar, or when I type in the URL for the pages that should be displayed only after the user login. Can anybody help me? Thanks in advance. Kelly - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removed session but Browser can still display the page
Kelly, The browser can display the previous page when I use Back button in the toolbar This is often the case due to browsers caching the pages on the client side. You will not be able to prevent this. or when I type in the URL for the pages that should be displayed only after the user login. Now, browsers *should* be re-visiting the URL if you type it into the location bar. Are you actually checking the session for some kind of credential token for a login, or are you just checking the presence of the session? The default session setting for JSPs is on, which means that unless you have put @page session=false@ at the top of your page, then you'll get a new session if you don't already have one. Perhaps that could be affecting you... -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]