Re: Ending a session

Wed, 16 Oct 2002 10:34:23 -0700 

you can do anythign about the back button - its in the specs (of HTTP I
guess) that the browser can cache previous pages in memory - otherwise known
as History - so that the user can navigate backwards - sometimes known as
the back button)

Tricks to get around this are deleting the history or disabling the back
button - both use javascript so are unreliable and are generally considered
as unfriendly to the user. So, dont do it and write your code so that it can
cope with invalid sessions

chanoch

----- Original Message -----
From: "Marc AMIR-TAHMASSEB" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, October 16, 2002 6:00 PM
Subject: Re: Ending a session


> Thank' Sri,
> but my problem subsists !
>
> In my page named "pageX" when i use the "quit" button , then in the
> perfom i "invalidate()" the session and then return mapping for the
> login page as describe below.
>
> if (mapping.getPath().equals("/doQuit")) {
>   HttpSession session = request.getSession(false);
>   if (session != null) {
>     session.invalidate();
>    }
>   return mapping.findForward("login");
> }
> Then my login page is displayed and my session id has changed.
> At this time, i use the "BACK" button of my browser. The old "pageX" is
> displayed.
> if i perfom an action in this page, then the action is realised with the
> old session id (whereas it should not be done !)
>
> do you have an idea ?
>
> thanks,
>
> Marc
>
>
> Sri Sankaran wrote:
>
> >Session.invalidate() is one way.
> >
> >Sri
> >
> >-----Original Message-----
> >From: Marc AMIR-TAHMASSEB [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, October 16, 2002 3:26 AM
> >To: [EMAIL PROTECTED]
> >Subject: Ending a session
> >
> >
> >Hi everybody,
> >
> >Is there a way to end a user session after a action ? Typically, i have
in my page a "Close" button that disply the login
> >form. But actualy if i use the "back" button of the browser, i come back
> >to the page where the "close" were. Then i can continue like if the
> >session wasn't closed...
> >
> >thank's
> >
> >
> >
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to