Hello
I want to implement some simple security logic using session ID . What I do is that I keep track of all valid sessions in a list , and if a user wants to do something (adding something etc) I check if the user has valid session or not . In my system only the logged in users shall have valid sessions Id (Anon user shall not be able to do any thing). The probelm is that when I log out and then press back button my browsers asks for refreshing the page from server , when I do that I logged on as the last logged in user. I have tried to remove username login jsessionid cookies from requests in Logout action . But still there is no change in the behaviuor . What I need is that when a user logs out , his complete information shall be destroyed then and there and when ever some one presses the browser back button , he shall be treated as a new user . Can someone help Asif --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
