i'm having the same problem , please help anyone?
-----Original Message-----
From: Shamdasani Nimmi-ANS004 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 9:32 PM
To: struts-user@jakarta. apache. org (E-mail)
Subject: STRANGE: session.invalidate() is not invalidating the session
Hi,
I noticed a peculiar thing. In my application I have a logout link on pages.
This link control goes to 'Logout' action where I clean up the session
variables and then invalidate the session with:
session.invalidate();
and this class forwards it to Logout.jsp which just has the goodbye message.
I have noticed that at this point if I keep going back with the back key of
my browser to the point where jsessionid is part of the URL, i.e.,
http://localhost:8080/msqc/logon.do;jsessionid=149062E2E0A77480075991317505D
453
and do the browser refresh here then I can go back into the application
without having to log in again. It is as if the session is still alive.
All the screens(incl. the above URL point) going backwards from Logout.jsp
do show the page expired message but doing refresh on the above URL screen
only brings back the application
Could someone please explain this to me? Has anyone else seen this?
BTW I am using Tomcat 4.0 and Struts 1.1(same happens with 1.0 too)
TIA.
-Nimmi
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
