Hi,
I noticed a peculiar thing. In my application I have a logout link on pages. This link
control goes to 'Logout' action where I clean up the session variables and then
invalidate the session with:
session.invalidate();
and this class forwards it to Logout.jsp which just has the goodbye message.
I have noticed that at this point if I keep going back with the back key of my browser
to the point where jsessionid is part of the URL, i.e.,
http://localhost:8080/msqc/logon.do;jsessionid=149062E2E0A77480075991317505D453
and do the browser refresh here then I can go back into the application without having
to log in again. It is as if the session is still alive.
All the screens(incl. the above URL point) going backwards from Logout.jsp do show the
page expired message but doing refresh on the above URL screen only brings back the
application
Could someone please explain this to me? Has anyone else seen this?
BTW I am using Tomcat 4.0 and Struts 1.1(same happens with 1.0 too)
TIA.
-Nimmi
