info3853 Bush wrote:
I had a web application based on struts framework. Recently, I found that after you logout, you use the browser back button back to the login.do page, the page shows the Page Time Out, however, if you click the refresh button, the page automatically login to the application without ask you any user information. Anyone has idea to handle this situation?
Could be that the browser is caching and re-submitting the data you entered in the form the first time through. One workaround for that wouuld be to include the session ID in the login request, and check that it matches the current session ID when the form is submitted. You may also be able to use Session.isValid(), but be careful how you get at the session or you'll just trigger creation of a new one which will then always be valid...
L. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
