I'm trying to do some checking on my pages that make sure that the user logged out and all the attributes that were bounded to the session were destroyed (using session.invalidate() in the logout page). However, I'm running into difficulties with 1 of my pages.
The check works fine on all the other pages except this one. I try to response.sendRedirect() the page to the login page again, but it seems to ignore it and I get errors that I can't forward after a response has been committed. And other times it logs the user right back in as if nothing happened after the user logged out...it's only with this one page. here's the code. I'm not sure what could be wrong: <%@ page session="true" %> <%@ page contentType="text/html;charset=WINDOWS-1252" %> <%@ page import = "java.util.*, java.sql.*, java.util.Vector.*" %> <jsp:useBean id="pool" class="ConnectionPool" scope="application" /> <% response.setHeader("pragma", "no-cache"); response.setHeader("Cache-Control", "no-cache"); response.setHeader("Expires", "0"); Connection conn = null; String asql = null; Statement stmt = null; ResultSet rs = null; String aUserID = null; String aPassword = null; try { FB user = (FB) session.getAttribute("bean"); //******************************************************************* // FormBean Exists //******************************************************************* if (user != null) { aUserID = user.getUSER_ID(); aPassword = user.getPASSWORD(); } //******************************************************************* // No session bean exists //******************************************************************* else { response.sendRedirect("../html/ReLogin.html"); } //************************************************************ // INITIALIZE THE POOL //************************************************************ if (pool.getDriver() == null) { pool.init(); pool.initializePool(); } boolean aloginflag = false; conn = pool.getConnection(); stmt = conn.createStatement(); asql = getSqlStatement(); System.out.println(asql); String accesscode = null; rs = stmt.executeQuery(asql); while (rs.next()) { aloginflag = true; System.out.println("Login successful!"); accesscode = rs.getString("ACCESS_CODE"); user.setACCESSCODE(accesscode); System.out.println(accesscode); } // end while if(aloginflag) {} else { %> <jsp:forward page="../html/LoginError.html"></jsp:forward> <% } if (accesscode.equalsIgnoreCase("B")) { %> <jsp:forward page="daily.jsp"></jsp:forward> <% } // end if else if (accesscode.equalsIgnoreCase("C")) { %> <jsp:forward page="report2.jsp"></jsp:forward> <% } // end else if else if (accesscode.equalsIgnoreCase("G")) { %> <jsp:forward page="report.jsp"></jsp:forward> <% } // end else if else if (accesscode.equalsIgnoreCase("U")) { %> <jsp:forward page="news.jsp"></jsp:forward> <% } // end else if else { System.out.println("No account found in the database!"); response.sendRedirect("../html/LoginError.html"); } // end else } catch(SQLException e) { // Login SQL Error! response.sendRedirect("../html/LoginError.html"); } catch(ClassNotFoundException e) { // Classname Error! response.sendRedirect("../html/DBConnError.html"); } finally { try { if (stmt != null) stmt.close(); if (rs != null) rs.close(); if (conn != null ) pool.releaseConnection(conn); } catch (Exception sqlex) { response.sendRedirect("../html/LoginError.html"); } } %> I find that it totally disregards the lines after the TRY statement and even after I log out I can still see that when I hit the back button it process the sql query and doesn't redirect. I tried to change the else (after the aloginflag) to a response.sendRedirect() and the page breaks... What am I doing wrong? Thanks, Lior --------------------------------- Do you Yahoo!? Faith Hill - Exclusive Performances, Videos, & more faith.yahoo.com