newbie03
02-14-03, 12:14
| I have a servlet application which uses HttpSession to store session values. I am having problem invalidating the session. After logout i am able to access the application by clicking the browsers back button and refreshing the page. Let me explain the application flow. loginpage.html---> LogonServlet------------------->menuservlet LogonServlet---> (checks for the validity of username and password. If Login succeded directs to menuservlet) menuservlet----> (this page has 2 buttons which directs to two [page1.html & page2.html] page. Also has a button to logout. Logout buttons directs to the LogoutServlet.) Case 1 a)loginpage.html---->LogonServlet---->menuservlet--->page1.html b)page1.html->menuservlet->logout--->login.html c)Browser "Back" --->loginpage Case 2 a) loginpage.html--->logonServlet-->menuservlet-->logout-->loginpage b) Browser "Back" Button--> displays page with error message ("Warning Page has Expired". To resubmit your information and view this Web page, click the Refresh button) c) Refresh the page->menuservlet Case 1 scenario works fine. But in the second scenario on clicking the browser back button it takes me to the menuservlet instead of login.html I am using following code in the LogoutServlet.I also tried to give session.putValue(<variableName>,null) if(session!= null) { session.removeValue() session.invalidate() } response.sendRedirect(loginpage.html) I am checking the session validity in menuservlet everytime it relaods.. if(session.getValue() == null) { response.sendRedirect(loginpage.html) } Also i am using the following code in all those pages which i don't want to cache (menuservlet). response.setHeader("Cache-Control","no-cache"); response.setDateHeader("Expires",0); response.setHeader("Pragma","No-cache"); Can anybody explain what's wrong here? Thanks |