472,328 Members | 1,157 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

home > topics > java > questions > how to invalidate a session?

Join Bytes to post your question to a community of 472,328 software developers and data experts.

How to invalidate a session?

I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.
Jul 17 '05 #1
6 23090
"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session
is still valid?
Jul 17 '05 #2

"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.


Invalidating a session is server-side logic, the back-button is purely
client-side logic. You might set the appropriate HTTP headers when you send
pages to the browser to tell it it should never show cached pages but
instead always send a new request. Those headers can be a combination of:

Pragma=no-cache (for older browsers)
Cache-control=no-store (a stricter version of no-cache)
Expires=0

Setting these will prevent any non-deaf browser from showing cached content.
That way an invalidated session can be made visible to the user.

Regards,

Silvio Bierman
Jul 17 '05 #3
"Ryan Stewart" <zz********@gSPAMo.com> wrote in message news:<Ea********************@texas.net>...
"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session
is still valid?


Thanks.

I can access to atrributes for the session after invalidating it.
I am debuging in the "back" request in my servlet.
Jul 17 '05 #4
Thanks.

I can see this, by debuging in the servlet. In first request I delete
all attributes of a session and invalidate it. When I press back, in
next request, I can access to the attributes of session. I try to
implement a web page for disconnection to delete the user data
(password, credit card), but if the user presses back after the
disconnection page it recovers the data.
"Silvio Bierman" <sb******@idfix.nl> wrote in message news:<40***********************@news.xs4all.nl>...
"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.


Invalidating a session is server-side logic, the back-button is purely
client-side logic. You might set the appropriate HTTP headers when you send
pages to the browser to tell it it should never show cached pages but
instead always send a new request. Those headers can be a combination of:

Pragma=no-cache (for older browsers)
Cache-control=no-store (a stricter version of no-cache)
Expires=0

Setting these will prevent any non-deaf browser from showing cached content.
That way an invalidated session can be made visible to the user.

Regards,

Silvio Bierman

Jul 17 '05 #5
"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
"Ryan Stewart" <zz********@gSPAMo.com> wrote in message

news:<Ea********************@texas.net>...
"gargarensis" <ga*********@terra.es> wrote in message
news:40**************************@posting.google.c om...
I am using invalidate method from the httpSesion class , but when I
press the back button in the internet navigator, the session still is
valid.

HttpSession is an interface, not a class. What makes you think the session is still valid?


Thanks.

I can access to atrributes for the session after invalidating it.
I am debuging in the "back" request in my servlet.


Maybe you should read Silvio's reply a little more closely. If you truly
call session.invalidate(), then the session is gone. Pressing the back
button in your browser is simply pulling the page from your local cache, not
making a new request.
Jul 17 '05 #6
ga*********@terra.es (gargarensis) wrote in message news:<40**************************@posting.google. com>...
Thanks.

I can see this, by debuging in the servlet. In first request I delete
all attributes of a session and invalidate it. When I press back, in
next request, I can access to the attributes of session. I try to
implement a web page for disconnection to delete the user data
(password, credit card), but if the user presses back after the
disconnection page it recovers the data.


If you call the invalidate() method, then the session is gone.

However, on the next call the server will create a new, empty session
whose attributes you can access.

Is it possible that on pressing the back button, you re-submit a form
that sets the attributes in the new session?

Erik
Jul 17 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Calling Invalidate on Custom Control Causes Other Controls to Stop Rendering...
by: Alexander Jhin | last post by:
I have this very basic Custom Control: public class TestPanel : Panel { public TestPanel() : base() { this.SetStyle(...
.NET Framework
3
Invalidate
by: RS | last post by:
if i want to invalidate the client area of my Windows.Form and execute an overrided OnPaint i would use Form1.ActiveForm.Invalidate() ?? However,...
Visual Basic .NET
17
Invalidate() compared to Refresh()
by: SamSpade | last post by:
picDocument is a picturebox When I do picDocument.Invalidate() the box paints. But if instead I do picDocument.Refresh() the box does not...
Visual Basic .NET
0
session.invalidate is not working to logout the session in struts application
by: swiss | last post by:
how can i code logout in a struts application.I have used session.invalidate but it is not accurately logging out from the session .please help me...
Java
4
timer not being called when OnPaint calls Invalidate
by: grayaii | last post by:
Hi, I have a simple form that handles all its paint functionality like so: this.SetStyle(ControlStyles.AllPaintingInWmPaint |...
C# / C Sharp
1
OnPaint Not Getting Called on Invalidate()
by: sean | last post by:
I'm trying to create "rubber-band" rectangles by overriding the OnPaint method to place rectangles on top of all graphic controls, but when I call...
Visual Basic .NET
1
how to invalidate a session from another computer?
by: xsorimachi | last post by:
Hi, I have a computer A which I am logging in but i didn't logout until i go to another computer, computer B. How can I request session from computer...
Java
0
Tricks to speed up graphics: and why does Invalidate on MouseMoveaffect performance?
by: raylopez99 | last post by:
Hi, I'm getting into GDI+ Forms 2.0 graphics for C#3 using Visual Studio 2008. One thing I notice: the graphics are really slow and flicker...
C# / C Sharp
5
Invalidate the servlet session if session timeout even when UI automatically updates
by: kveerareddy | last post by:
Hi experts, Technologies: Spring, AJAX, Google web tool kit Problem: Ideally when the user stops using a web page then after 30 minutes, if the...
Javascript
0
How to Remove Duplicate Items from ComboBox in JavaFX?
by: tammygombez | last post by:
Hey fellow JavaFX developers, I'm currently working on a project that involves using a ComboBox in JavaFX, and I've run into a bit of an issue....
Java
0
The Top 5 Skills You Need in a PowerApps Developer
by: concettolabs | last post by:
In today's business world, businesses are increasingly turning to PowerApps to develop custom business applications. PowerApps is a powerful tool...
.NET Framework
0
Benefits of Blockchain App Development for Enterprise Businesses
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
General
0
how to collapse a custom toolbar in VBA
by: CD Tom | last post by:
This only shows up in access runtime. When a user select a report from my report menu when they close the report they get a menu I've called Add-ins...
General
0
Basic concepts of WebLogic Admin training?
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge...
Oracle Database
0
Hyperconverged All-in-One Streaming Engine, ushering in new age for distributed database
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
General
0
How to layout php header location with a variable as the location?
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
PHP
1
How to use http requests (Get function) to get variable value?
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...
Python
0
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computer
by: AndyPSV | last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy

Sitemap

Follow us! Get the Latest Bytes Updates