473,547 Members | 2,416 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How to invalidate a session?

I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.
Jul 17 '05 #1
6 23168
"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session
is still valid?
Jul 17 '05 #2

"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.


Invalidating a session is server-side logic, the back-button is purely
client-side logic. You might set the appropriate HTTP headers when you send
pages to the browser to tell it it should never show cached pages but
instead always send a new request. Those headers can be a combination of:

Pragma=no-cache (for older browsers)
Cache-control=no-store (a stricter version of no-cache)
Expires=0

Setting these will prevent any non-deaf browser from showing cached content.
That way an invalidated session can be made visible to the user.

Regards,

Silvio Bierman
Jul 17 '05 #3
"Ryan Stewart" <zz********@gSP AMo.com> wrote in message news:<Ea******* *************@t exas.net>...
"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session
is still valid?


Thanks.

I can access to atrributes for the session after invalidating it.
I am debuging in the "back" request in my servlet.
Jul 17 '05 #4
Thanks.

I can see this, by debuging in the servlet. In first request I delete
all attributes of a session and invalidate it. When I press back, in
next request, I can access to the attributes of session. I try to
implement a web page for disconnection to delete the user data
(password, credit card), but if the user presses back after the
disconnection page it recovers the data.
"Silvio Bierman" <sb******@idfix .nl> wrote in message news:<40******* *************** *@news.xs4all.n l>...
"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.


Invalidating a session is server-side logic, the back-button is purely
client-side logic. You might set the appropriate HTTP headers when you send
pages to the browser to tell it it should never show cached pages but
instead always send a new request. Those headers can be a combination of:

Pragma=no-cache (for older browsers)
Cache-control=no-store (a stricter version of no-cache)
Expires=0

Setting these will prevent any non-deaf browser from showing cached content.
That way an invalidated session can be made visible to the user.

Regards,

Silvio Bierman

Jul 17 '05 #5
"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
"Ryan Stewart" <zz********@gSP AMo.com> wrote in message

news:<Ea******* *************@t exas.net>...
"gargarensi s" <ga*********@te rra.es> wrote in message
news:40******** *************** ***@posting.goo gle.com...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session is still valid?


Thanks.

I can access to atrributes for the session after invalidating it.
I am debuging in the "back" request in my servlet.


Maybe you should read Silvio's reply a little more closely. If you truly
call session.invalid ate(), then the session is gone. Pressing the back
button in your browser is simply pulling the page from your local cache, not
making a new request.
Jul 17 '05 #6
ga*********@ter ra.es (gargarensis) wrote in message news:<40******* *************** ****@posting.go ogle.com>...
Thanks.

I can see this, by debuging in the servlet. In first request I delete
all attributes of a session and invalidate it. When I press back, in
next request, I can access to the attributes of session. I try to
implement a web page for disconnection to delete the user data
(password, credit card), but if the user presses back after the
disconnection page it recovers the data.


If you call the invalidate() method, then the session is gone.

However, on the next call the server will create a new, empty session
whose attributes you can access.

Is it possible that on pressing the back button, you re-submit a form
that sets the attributes in the new session?

Erik
Jul 17 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1714
by: Alexander Jhin | last post by:
I have this very basic Custom Control: public class TestPanel : Panel { public TestPanel() : base() { this.SetStyle( ControlStyles.AllPaintingInWmPaint | ControlStyles.Opaque | ControlStyles.UserPaint, true);
3
3418
by: RS | last post by:
if i want to invalidate the client area of my Windows.Form and execute an overrided OnPaint i would use Form1.ActiveForm.Invalidate() ?? However, when i use this line of code i receive a : An unhandled exception of type 'System.NullReferenceException' occurred in OCRTicker.exe Additional information: Object reference not set to an...
17
8501
by: SamSpade | last post by:
picDocument is a picturebox When I do picDocument.Invalidate() the box paints. But if instead I do picDocument.Refresh() the box does not paint. What does Refresh do. I guessed it did an Invalidate and an Update. Can someone shed some light?
0
3860
by: swiss | last post by:
how can i code logout in a struts application.I have used session.invalidate but it is not accurately logging out from the session .please help me out to solve this problem.
4
4623
by: grayaii | last post by:
Hi, I have a simple form that handles all its paint functionality like so: this.SetStyle(ControlStyles.AllPaintingInWmPaint | ControlStyles.Opaque, true); And the entry point to this program is like so: static void Main() {
1
3597
by: sean | last post by:
I'm trying to create "rubber-band" rectangles by overriding the OnPaint method to place rectangles on top of all graphic controls, but when I call Me.Invalidate() (when the user moves the mouse), OnPaint is not getting called... Here is the relevent code: I'm trying to create a "rubber band" rectangle effect on my form. Private Sub...
1
2417
by: xsorimachi | last post by:
Hi, I have a computer A which I am logging in but i didn't logout until i go to another computer, computer B. How can I request session from computer A and call HttpSession to invalidate session of computer A. In other words, I want to logout from computer A so that I can continue to login computer B. Thanks & Regards.
0
3002
by: raylopez99 | last post by:
Hi, I'm getting into GDI+ Forms 2.0 graphics for C#3 using Visual Studio 2008. One thing I notice: the graphics are really slow and flicker on a Pentium IV, with 2 GB RAM, even with doublebuffering turned on. I did learn tricks such as not invalidating everything, but just the control that is part of the form you are working on (i.e.,
5
5822
by: kveerareddy | last post by:
Hi experts, Technologies: Spring, AJAX, Google web tool kit Problem: Ideally when the user stops using a web page then after 30 minutes, if the user is trying to access any ting then the session gets expired. But In my case one pages continually refreshes for every 30 seconds, hence not giving scope to session timeout even when the user...
0
7437
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7703
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7947
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7463
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
6032
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5362
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
3493
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3473
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
0
748
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.