RE: Session lifecycle (UNCLASSIFIED)

Tue, 09 Aug 2005 07:40:25 -0700 

Classification:  UNCLASSIFIED 
Caveats: NONE

My fault, I forgot to mention that I am using struts.  The code is below

  public ActionForward execute(ActionMapping mapping,
    ActionForm form, HttpServletRequest request, HttpServletResponse
response)
    throws Exception
  {
        HttpSession session = request.getSession();
        session.setAttribute("pageTitle", "Logout Action");
        session.removeAttribute("userId");
        session.removeAttribute("access");
        session.removeAttribute("tempId");
        session.removeAttribute("oldpassword");
        UserList.getInstance().removeUser(session.getId());
        session.invalidate();
        
    // Forward control to this Action's forward page.
    return mapping.findForward("login");
  }

Let's say that I ran a report, I logged out, if I hit the back button, it
takes right into the report I ran before logging out.
For security issues, the session to be destroyed and if the user tries to go
back, I want to display session has expired.

Thanks for your input. 

-----Original Message-----
From: Arup Vidyerthy [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 09, 2005 10:26 AM
To: 'Tomcat Users List'
Subject: RE: Session lifecycle (UNCLASSIFIED)

Samara,

If your logout is a 'post' then when the user hits the back button he/she
should see a session expired message.

Arup

-----Original Message-----
From: Samara, Fadi N Mr ACSIM/ASPEX [mailto:[EMAIL PROTECTED]
Sent: 09 August 2005 15:03
To: 'Tomcat Users List'
Subject: Session lifecycle (UNCLASSIFIED)

Classification:  UNCLASSIFIED
Caveats: NONE

Hey List,

I have an application that has login/logout functionality.  If a user logs
out and then presses the back button, they could go back in the application.
Anyone has an idea of what should be done ? 

Thanks
Fadi
Classification:  UNCLASSIFIED
Caveats: NONE



        
        
                
___________________________________________________________
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with
voicemail http://uk.messenger.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Classification:  UNCLASSIFIED 
Caveats: NONE


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to