Aasim
I would suggest you either:
- In your jsp check for a new session (session.isNew()) If the session is new and shouldn't be - use the request dispatcher to forward the request to the login page.
- Set the jsp not to create a session (<%@ page session="false"%> <%@ page session="false"%>) then in the jsp check if a session exists (request.getSession(false)==null). A session will only exist if the user is logged in and you say at this point he has been logged out and his session has been destroyed. If the session doesn't exist - again use the request dispatcher to forward the request to the login page.
Dont forget - the page you redirect to to display a "you have been logged out" message will also create a new session by default.
>From: Aasim <[EMAIL PROTECTED]>
>Reply-To: "A mailing list for discussion about Sun Microsystem's Java Servlet API Technology." <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Log out problem
>Date: Thu, 6 Mar 2003 13:55:11 -0800
>
>
>Hi,
>In order to not cache the information, I set the following HTTP headers:
> response.setHeader("Cache-Control", "no-cache,no-store,must-revalidate");
> response.setHeader("Pragma", "no-cache");
>
>I set these headers at the beginning of my doPost() method. Still the same thing is happening. When I click the back button on my browser, I get the previous page in the session instead of the login page.
>
>After a user logs out and clicks the "back" button, I want him to login again to access the site.
>
>Is there something I am doing wrong?
>
>Thanks for any help in advance!
>
>Sincerely,
>
>--Andy.
>
>
> Gareth Jones <[EMAIL PROTECTED]>wrote:
>As Victor says you could stop the jsp from being cached especially if the jsp performs some process which you dont want to accidentally repeat. But also the JSP will create a new session by default unless you specify otherwise. You can check for a new session (session.isNew()) or alternatively set the jsp not to create a session (<%@ page session="false"%>) then check that a session exists.
>
>
>
>
>
> >From: "Leung, Victor"
> >Reply-To: "A mailing list for discussion about Sun Microsystem's Java Servlet API Technology." >To: [EMAIL PROTECTED] >Subject: Re: Log out problem >Date: Wed, 5 Mar 2003 17:32:48 -0500 > >any chance you are reading from cache when you click on the back button? >Also, make sure you put no-cache or no-store in the headers. > >-----Original Message----- >From: Aasim [mailto:[EMAIL PROTECTED] >Sent: Wednesday, March 05, 2003 5:19 PM >To: [EMAIL PROTECTED] >Subject: Log out problem > > > >Dear Servlet-Interest users, > > >I have an online ordering application and I am having problems logging out. >Once a user has placed an order and he clicks on the Logoff button, I call a >servlet where I destroy the session and redirect the user to a new page with >the message that he has logged out successfully. But, when I hit the back >button on the browser, it again takes me to
the previous page. I want the >user to go to the login page when he hits the back butto
> n on the browser and >force him to login again to access any of the pages, instead of the previous >page in his session. > > >How can I achieve this functionality? >Thanks for any help in advance! > >Sincerely, > > >--Andy. > > > > > > > > > > _____ > >Do you Yahoo!? >Yahoo! >Tax Center - forms, calculators, tips, and more >
>
>---------------------------------
>Stay in touch with absent friends. Download MSN Messenger for FREE! ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
>---------------------------------
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, and more
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
