Let's go over an example.
You log in with login.jsp
you are authenticated with authenticate.jsp
then it sends you to loggedin.jsp
at the end you go to login.jsp when you log out.
--------
assumptions:
1. you are doing session.invalidate() in login.jsp
2. you want to be "efficient" and are using the <jsp:forward> tag. for
example, authenticate.jsp sends you to loggedin.jsp using <jsp:forward>
or
you are always in authenticate.jsp and you use <jsp:include> to
include the relevant page. A controller!
--------
what is most probably your problem:
after you have logged out, does pressing the back button send you to
authenticate.jsp? if it does, then the browser is resending your login
information (with or without asking you depending on the browser) and
reauthenticating you.
--------
solution:
instead of <jsp:forward> use response.sendRedirect() to send from
authenticate.jsp to loggedin.jsp
basically, ensure that authenticate.jsp is never displayed on the url
textbox of the browser so that the browser does not automatically
reauthenticate you.
when you manually type authenticate.jsp on the browser's url textbox
there is no problem as you don't have the login information. however,
browsers tend to remember the information used to get a page and can
repost the same information.
--------
hope this helps!
Ashish Shrestha
http://headlines.sourceforge.net
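
The redirect described in the message above, sketched as an authenticate.jsp (an added example, not part of the original post). The form field names `username` and `password`, the session attribute `user`, the `error` query parameter and the `isValidUser` helper with its demo account are assumptions made for illustration.

```jsp
<%-- authenticate.jsp (added example): handles the login POST and never renders a page itself --%>
<%@ page import="java.nio.charset.StandardCharsets, java.security.MessageDigest" %>
<%!
    // Constant-time string comparison so the check does not leak how many characters matched.
    private static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical stand-in for a real credential store; the demo account is constructed.
    private static boolean isValidUser(String user, String password) {
        if (user == null || password == null) {
            return false;
        }
        return same(user, "demo") & same(password, "constructed-demo-password");
    }
%>
<%
    // Only the form POST from login.jsp is accepted; a typed-in URL (a GET) goes back to the form.
    if (!"POST".equals(request.getMethod())) {
        response.sendRedirect("login.jsp");
        return;
    }

    String user = request.getParameter("username");      // assumed field name
    String password = request.getParameter("password");  // assumed field name

    if (isValidUser(user, password)) {
        session.setAttribute("user", user);               // assumed attribute name
        // sendRedirect() answers the POST with a 302, so the browser issues a fresh GET
        // for loggedin.jsp. The address bar and the history entry then hold loggedin.jsp,
        // not the credential POST to authenticate.jsp.
        response.sendRedirect("loggedin.jsp");
    } else {
        response.sendRedirect("login.jsp?error=1");
    }
    // With <jsp:forward page="loggedin.jsp"/> in place of the redirect, the response to
    // the POST would be the logged-in page itself: the history entry would be
    // authenticate.jsp, and pressing Back after logout could repost the login form.
%>
```

loggedin.jsp would then check for the `user` session attribute and send the browser back to login.jsp when it is missing, which is what happens after session.invalidate() has run.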