just as a quick sanity check
HTTPSession strSession = request.getSession(false);
strSession.removeAttribute("sessionState");
strSession = session.getId();
while(strSession != null)
{ //session information is still there
session.invalidate();
strSession = session.getId();
}
response.sendRedirect("/BMS/logout_success.jsp");
//To clear the cache I would place these meta-commands in the head
<meta http-equiv="Cache-Control" content="no-cache, no-store,
must-revalidate">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">
Then again that message appears to be specific to IE on XP SP2
http://support.microsoft.com/default.aspx?scid=kb;en-us;890178
Anyone else?
M-
----- Original Message -----
From: "Priya Saloni" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
Cc: "Garner, Nigel M" <[EMAIL PROTECTED]>
Sent: Friday, December 16, 2005 1:46 PM
Subject: Re: Back Button Problem..
Thanks for your time.But i can't use Appuse at this time because my project
ready for production(Except this problem).
Priya
On 12/16/05, Garner, Nigel M <[EMAIL PROTECTED]> wrote:
You could always use a ServletFilter to make sure that users never have
access to pages that you don't want them to. By checking for a user
object or something like the sessionState object then you could
determine whether or not the user is logged in. If not then it will
allow you to redirect the user to where ever you want.
I have used them on a number of occasion for this purpose and I think
the struts appfuse projected (see struts.sourceforge.net) provide a
downloadable implementation.
Thanks
Nigel
-----Original Message-----
From: Priya Saloni [mailto:[EMAIL PROTECTED]
Sent: 16 December 2005 14:49
To: Struts Users Mailing List
Subject: Back Button Problem..
Hi there,
I facing a BIG problem in my struts based application.When i logout my
website and hit back button it showing a page like the following
//
Warning: Page has Expired
The page you requested was created using information you submitted in a
form. This page is no longer available. As a security precaution,
Internet Explorer does not automatically resubmit your information for
you.
To resubmit your information and view this Web page, click the
*Refresh*button.
//
When i refresh the page its showing the secured web pages too.My code in
LogoutAction is as follows
request.getSession().removeAttribute("sessionState");
request.getSession().invalidate();
response.sendRedirect("/BMS/logout_success.jsp");
sessionState is the VO where iam keeping all the objects i want to keep
in session..Is there any way in struts to make sure that it won't
display the page like above..
Thanks
Priya.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
