problem in session invalidation.

[Jagdeesh123]

i have written code to logout the user session in my project.
but its not if i click back option, the session is still alive. please suggest me.


my code is Java code:


public void logout()

{

session = request.getSession();

session.invalidate();

RequestDispatcher rd = new RequestDispatcher("Homepage");

rd.forward(request,response);

}


After logout, if I click back , the session is still alive.

[RamyaSivakanth]

Try this below code.

HttpSession session = req.getSession(false);
if(session != null){
session.invalidate();
}

[kalpanakovuru]

i have written code to logout the user session in my project.
but its not if i click back option, the session is still alive. please suggest me.


my code is Java code:


public void logout()

{

session = request.getSession();

session.invalidate();

RequestDispatcher rd = new RequestDispatcher("Homepage");

rd.forward(request,response);

}


After logout, if I click back , the session is still alive.

Hi Jagdeesh,

For this u need to check session object (which u created) is null or not if it is null then u need to redirect to login page.

I am giving some example:

this is in server side code ..

HttpSession session=request.getSession(false);
//here u are geeting the user name from session
String strname=(String) session.getAttribute("username");
//here u are checking the session object (the value which u store in session) if it is null u are redirecting..
if(username==null){
//session=request.getSession();
RequestDispatcher rd=request.getRequestDispatcher("/Login.jsp");
rd.forward(request, response);
return;
}

HttpSession session=request.getSession(false); //here u are geeting the user name from session String strname=(String) session.getAttribute("username"); //here u are checking the session object (the value which u store in session) if it is null u are redirecting..

if(username==null){ //
session=request.getSession();
RequestDispatcher rd=request.getRequestDispatcher("/Login.jsp");
rd.forward(request, response); return; }



Like this only u need to check in jsp also.
It can surely redirect to login page..



While u logout use must invalidate the session .
write this code in logout servlet

HttpSession session = request.getSession(false);

if(session!=null)
{
session.invalidate();
}
RequestDispatcher rd=request.getRequestDispatcher("/Login.jsp");
rd.forward(request, response);
return;

HttpSession session = request.getSession(false);
if(session!=null) { session.invalidate(); }
RequestDispatcher rd=request.getRequestDispatcher("/Login.jsp");
rd.forward(request, response); return;


It is better to use filter to check the session object otherwise u need to check the condition in every servlet it become redundancy ..


I hope this is useful for u...

[anubhavranjan]

Hi Jagdeesh,

Try this

Java Code:

HttpSession session = request.getSession(false);
if(session!=null)
{
session.invalidate();
response.sendRedirect("/Login.jsp");
}

Also make sure that in each of the JSP page, you are checking whether the session is new. If its new then redirect to the welcome page.