Re: [OT] Re: How to prevent the login information cached

Thu, 27 Oct 2005 06:35:07 -0700 

Thanks for the information.

Unfortunately, we did exactly the same as described.
The thing is that Window 2000 allows login formation
cached. When you use the back button to the point
where
URL is something like
http://xxxDomain/applicationName/logon.do
and you refresh the page, windown will ask you if you
want to resend the information, if you hit yes, then
the cached user and password information will send to
your webserver with a new session id(this will not
directly go through your login page, instead just
login action with the cached user information).

--- Hotmail <[EMAIL PROTECTED]> wrote:

> why not have a action configured for logoff in
> struts-config.zml
> <action
>   path="/logoff"
>  
>
type="org.apache.struts.webapp.example.LogoffAction">
>   <forward name="success"
> path="/WEB-INF/jsp/index.jsp"/>
> </action>
> 
> then somewhere inside LogoffAction class invalidate
> your session and 
> redirect to your index.jsp
> e.g.
> public class LogoffAction extends Action
> {
>     public ActionForward execute( ActionMapping
> actionMapping,
>     ActionForm actionForm, HttpServletRequest
> httpServletRequest,
>     HttpServletResponse httpServletResponse )
>     { //start execute
>        HttpSession session =
> httpServletRequest.getSession( false );
>        if ( session != null )
>       {
>          session.invalidate();
>       }
> //go to index.jsp
>      return actionMapping.findForward( "success" );
>   } //end execute
> }  //end LogoffAction
> ----- Original Message ----- 
> From: "info3853 Bush" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List"
> <user@struts.apache.org>
> Sent: Wednesday, October 26, 2005 1:13 PM
> Subject: Re: [OT] Re: How to prevent the login
> information cached
> 
> 
> > In my logout method, we use the
> session.invalidate(); method and redirect 
> > the page to login page again.
> >
> > Dave Newton <[EMAIL PROTECTED]> wrote:info3853
> Bush wrote:
> >
> >>Anyone has idea to handle this situation?
> >>
> >>
> > Sounds like your logout method is broken.
> >
> > Dave
> >
> >
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 



                
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to