Hi,
I've recently inherited some existing code the used to run under NAS on
Solaris and have moved it to IPlanet 4.1 on NT. One problem I have noticed
is as follows
1. A user logs in and details are stored in the session, the session is
checked in every servlet to see if it is null and therefore if access should
be allowed.
2. The user does some stuff then logs out, the logout servlet uses
session.invalidate() to prevent anyone using the back button to get back
into the system.
3. The session isn't destroyed, but all the stuff in it is unbound, so any
objects that you try to get from the session are null. Also the session
hangs around.
4. If someone now uses a back button to access a previous page, the
session=null test says the user has a valid session and the servlet tries to
do it's job.
5. As the objects in the session have been unbound everything just hangs.
The only sensible work around I've found is to check the session for null
first, then if I get a session check the objects in the session for null and
put a you've been logged out page up if anything is null.
Has anyone else seen a similar problem and found a better work around?
Pete
----------------------------------------------------------------------------
-----------------
Peter Mengell
Software Engineer
IntervoiceBrite
[EMAIL PROTECTED]
----------------------------------------------------------------------------
-----------------
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
