Invalidating session in jsp
Web Filter; public class Login Filter implements Filter Is it okay? because it is only supported in tomcat 7 and above. I am using apache tomcat 5.5 server, so i guess I should not put url-pattern annotation in filter class right? When a user hits the log out button it directs them to that page, which in turn checks for an active session and if it finds one, calls session.invalidate() then redirects the user back to the home page (or wherever you would like). Take a look at this thread, it has some answers that you are looking for. t=146975 I use a servlet for the sole purpose of log outs.
What i am trying to do is when user is redirected to the login page it checks that whether there is already an existing session if yes, then it Invalidate's the session and user has to login again.It will still be accessible in the current response, but it will not be there anymore in the next request.Thus it's important that a redirect (a new request) is fired after invalidate, otherwise you're still displaying data from the old session.Hello, I am trying to invalidate a session when you log out from my web application, but when you click back on the browser you can return to secure page where you had logged in. Hi, I'd like to know how to prevent users from skipping my site's pages simply typing the address in the URL location.
Search for invalidating session in jsp:
Consequently, you are permitted to call Session only when it would be legal to set HTTP response headers: before any document content has been sent (i.e., flushed or committed) to the client.