Here is my Code, request.getSession().removeAttribute("sessionState"); request.getSession().invalidate(); response.sendRedirect("/BMS/logout_success.jsp");
It invalidates properly but when i hit back button its asking to resubmit.Iread it some where that by implementing Tokens we can avoid this problem.Any one have idea where i can get the example application to work with Transaction Tokens.. Thanks Priya On 12/16/05, Martin Gainty <[EMAIL PROTECTED]> wrote: > > just as a quick sanity check > > HTTPSession strSession = request.getSession(false); > strSession.removeAttribute("sessionState"); > > strSession = session.getId(); > while(strSession != null) > { //session information is still there > session.invalidate(); > strSession = session.getId(); > } > response.sendRedirect("/BMS/logout_success.jsp"); > > //To clear the cache I would place these meta-commands in the head > <meta http-equiv="Cache-Control" content="no-cache, no-store, > must-revalidate"> > <meta http-equiv="pragma" content="no-cache"> > <meta http-equiv="expires" content="0"> > > Then again that message appears to be specific to IE on XP SP2 > http://support.microsoft.com/default.aspx?scid=kb;en-us;890178 > > Anyone else? > M- > > ----- Original Message ----- > From: "Priya Saloni" <[EMAIL PROTECTED]> > To: "Struts Users Mailing List" <user@struts.apache.org> > Cc: "Garner, Nigel M" <[EMAIL PROTECTED]> > Sent: Friday, December 16, 2005 1:46 PM > Subject: Re: Back Button Problem.. > > > Thanks for your time.But i can't use Appuse at this time because my > project > ready for production(Except this problem). > > Priya > > > On 12/16/05, Garner, Nigel M <[EMAIL PROTECTED]> wrote: > > > > You could always use a ServletFilter to make sure that users never have > > access to pages that you don't want them to. By checking for a user > > object or something like the sessionState object then you could > > determine whether or not the user is logged in. If not then it will > > allow you to redirect the user to where ever you want. > > > > I have used them on a number of occasion for this purpose and I think > > the struts appfuse projected (see struts.sourceforge.net) provide a > > downloadable implementation. > > > > Thanks > > Nigel > > > > -----Original Message----- > > From: Priya Saloni [mailto:[EMAIL PROTECTED] > > Sent: 16 December 2005 14:49 > > To: Struts Users Mailing List > > Subject: Back Button Problem.. > > > > Hi there, > > > > I facing a BIG problem in my struts based application.When i logout my > > website and hit back button it showing a page like the following > > > > // > > Warning: Page has Expired > > The page you requested was created using information you submitted in a > > form. This page is no longer available. As a security precaution, > > Internet Explorer does not automatically resubmit your information for > > you. > > > > To resubmit your information and view this Web page, click the > > *Refresh*button. > > > > > > // > > > > When i refresh the page its showing the secured web pages too.My code in > > LogoutAction is as follows > > > > request.getSession().removeAttribute("sessionState"); > > request.getSession().invalidate(); > > response.sendRedirect("/BMS/logout_success.jsp"); > > > > sessionState is the VO where iam keeping all the objects i want to keep > > in session..Is there any way in struts to make sure that it won't > > display the page like above.. > > > > Thanks > > > > Priya. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >