Logout functionality - JSP

Discussions

Web tier: servlets, JSP, Web frameworks: Logout functionality - JSP

  1. Logout functionality - JSP (1 messages)

    Hi Guys,
       I 've raised this query sometime back and got really really excellent feedback. To be frank, I couldn't make my application work. Still some more probs by which with U'r some more help, may be I could. Herewith, I 've given what all ways I 've tried and what all errors I got. If U could help asap I 'ld be really thankful to U as it's deadline is this week mid...

    userid = session.getAttribute("userid");

     if ( userid == null )
       response.sendRedirect("/login-page.jsp");
    ...............

    eg:
    login.jsp
      session.setAttribute("validsession" ,"yes");

    In all jsps,
     the starting condition will be:
       if(!(session.getAttribute("validsession").equals("yes")))
         response.sendRedirect("path../login.jsp");

    logout.jsp
       session.invalidate();

      For these two egs, I 'm getting errors in 'setAttribute' method not found error.
    .....................................................
    For the foll code,
    <%
    response.setHeader("Cache-Control", "no-store, no-cache");
    response.setHeader("Pragma", "no-cache");
    HttpSession sess = request.getSession(false); // Don't create session if not exists.

    if (null==sess) {
      response.sendRedirect("/login.jsp");
    }
    %>
    .....
    After pressing logout button from my secured page, I move to Login.jsp page. Now, If I press 'Back' button, I 'm getting an error page saying 'Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.

    To resubmit your information and view this Web page, click the Refresh button. '

    Once I press 'Refresh' button from the browser, it again takes me back to the secured page which shouldn't be...
    If I could get some more help from U, it 'ld be really really great!!! Thanx a lot in advance for the help done!
    Cheers,
    Siva
  2. Logout functionality - JSP[ Go to top ]

    Siva,

    I see this as a possible suggestion to ur problem of going to the secure page. Whenever a servlet is displaying a JSP, try to activate it through a session.So what happens is , when you logout, ur session get invalidated, again when you press the back or the refresh, it will not have the session and therefore will error out.Give a error page for this.

    Actually your application should be session driven which makes it comfortable for the logic you have asked for.

    Contact me at prasathb at yahoo dot com if you need further help.Hope this works.

    Prasath

    By the way , i feel you can set the session object to a setAttribute. By this you are trying to pass the session object directly.If your session is stored somewhere you can call it, why do u want to do a setAttribute and by the way session object are created from the server side.
    Good Luck.