Hi everyone,
I wanted to know how to invalidate the session so that even if the user
clicks the back button of the browser AFTER he LOGS OFF and clicks on some
buttons that call some servlets I should display
"PLEASE LOGIN AGAIN" How do I do this. This is similar to hotmail website
where after you logout you can't check your mails or click on the inbox
because it will prompt you with the LOGIN PAGE !
This is what I did in my logout
HttpSession session = getSession(true)
session.invalidate();
Now the session I created when the user logs in was named usersession.
Do I have to say usersession.invalidate ? I thought every browser is
associated with only that session. Or do I have to specifiy the session name
to invalidate ? Because if I have 2 or more sessions ...the getSession(true)
will return which one?
resp.sendRedirect("/servlet/login");
But Still i can run some servlets if I click on the back button
Why is that so ?The session still has the userid Should I call the
pragma no-cache in all servlets ? in resp.setHeader ?
Thanks
Krishnan
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
