Ricardo Andres Quintero wrote:
Hello my friends
Followed i attach a message i found in the internet.
I have found some conceptual solutions about this problem,
but i DO need an example that works to solve it.
The conceptual solution talks about a token syncronizer. I
don't know how to write it.
Thank you in advanced.
<%-- THE PROBLEM --%>
Hello,
I used Struts to develop a web app which has a login form to permit access
to different functionnalities via a menu page. I use a session var I set at
login to check if the user has not logged out.
The problem that I have is, once I do the logoff, if I use the Back button
of the browser to the menu page and do a refresh a new session gets created
and I'm able to use the app.
You should use The Servlet API's security constraints to restrict access
to your app to authenticated users, then when the user hits the back
button,at will issue the login page instead of your application running
with a new session.
I have a filter to do the verification but I tried before doing it in each
Action and I have the same problem. I don't access .jsp pages directly, I
have an Action for each of them.
I read some posts but none seems to talk about my specific problem.
It sounds like a begginer caveat but I have no idea what should I do or what
am I doing wrong.
Any help appreciated,
Cezar
<%-- END OF THE PROBLEM --%>
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
