JSP Logout Problems

  1. JSP Logout Problems (4 messages)

    We are having problems creating a logout facility that works correctly for our web application.

    Our application has a single JSP request controller, which does a lookup for a "requestHandler" based on URL parameters sent to the request controller (i.e. controller.jsp?request=RequestHandlerName). The requestHandler manipulates session stuff as required, and returns the URL of the page a user should be forwarded to.

    The requestHandlers check all the user's access rights before forwarding to a page.

    When a user logs in, and the login is correct, a session bean is put in the pageContext by the requestController, and the user is forwarded to a home page.

    When a user logs out, we do a
    pageContext.getSession().removeAttribute("sessionObject");

    Now all this works fine, except for the case where a user logs out, and then uses the back button to the Home page (and this problem is only for the home page), and pushes refresh. The problem is this page still has request parameters in scope from the login page submission, and this information is used to log the user back in, as if they have never logged out.

    Any ideas how we could fix this??

    We are using WebLogic v6.0, NT4.0.

    Thanks in advance for any help!
    Cheers,
    Mils.

  2. JSP Logout Problems

    Try zapping the whole HttpSession rather than just a value in it? I think it's the HttpSession.invalidate() method.

  3. JSP Logout Problems

    Thanks for the suggestion.

    We have tried this, and the session looks like it is recreated when users click refresh on the home page, and the user information is put back into this recreated session using the request parameters sent from the login page, which are still in scope.

  4. JSP Logout Problems

    Are you sending the login information as part of the URL, i.e. using a GET method to post the login JSP? Looks like the login parameters are passed again to the login servlet when you click the refresh button, thereby a new session gets created after validating the login info, which is valid as in the previous case. Maybe changing the method to POST in the JSP would help. Just try it. Not very sure though. Hope it helps. Bye.

  5. JSP Logout Problems

    Thanks for the suggestion.

    We are passing the parameters as post, so we are still stuck! :)
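
An added example, not code from any poster in this thread: assuming the home page is rendered by a server-side forward from the login POST, as the first post describes, the browser's history entry for the home page is that POST, and Refresh replays it. The servlet below redirects after login and logout instead of forwarding, invalidates the session, and gates the home page on the session attribute; the class name, page paths and the `username`/`password` parameters are assumptions, while `request` and `sessionObject` come from the first post.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name, page paths and parameter names are hypothetical.
public abstract class AuthController extends HttpServlet {

    // Stands in for the application's existing credential check (assumption).
    protected abstract boolean credentialsValid(String user, String password);

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String action = req.getParameter("request");
        String ctx = req.getContextPath();
        HttpSession existing = req.getSession(false);    // never create one here

        if ("Logout".equals(action)) {
            if (existing != null) existing.invalidate(); // drop the whole session
            resp.sendRedirect(ctx + "/login.jsp");
        } else if ("Login".equals(action)) {
            if (!credentialsValid(req.getParameter("username"),
                                  req.getParameter("password"))) {
                resp.sendRedirect(ctx + "/login.jsp?error=1");
                return;
            }
            if (existing != null) existing.invalidate(); // fresh session per login
            req.getSession(true).setAttribute("sessionObject",
                                              req.getParameter("username"));
            // Redirect, not forward: the home page becomes its own GET request,
            // so Refresh or Back on it carries no login parameters to replay.
            resp.sendRedirect(ctx + "/home.jsp");
        } else {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    // Call first thing from home.jsp; returns false after redirecting to login.
    public static boolean requireLogin(HttpServletRequest req,
                                       HttpServletResponse resp) throws IOException {
        resp.setHeader("Cache-Control", "no-store"); // keep Back from showing a cached copy
        resp.setHeader("Pragma", "no-cache");        // HTTP/1.0 clients
        HttpSession s = req.getSession(false);
        if (s == null || s.getAttribute("sessionObject") == null) {
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return false;
        }
        return true;
    }
}
```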