Results 1 to 4 of 4
  1. #1
    Tirka is offline Member
    Join Date
    Feb 2009
    Posts
    12
    Rep Power
    0

    Question problem in login again after logout

    Hi All,

    i have this small jsp web application where
    i log out using session.invalidate(). After loggin out,
    if i login again, i cannot access the links;if i click on any links it
    is redirected to the index/login page.
    But then if i close the browser, and login, this time
    it works fine.
    i'll be much obliged if any can help.

  2. #2
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    368
    Rep Power
    5

    Default

    When you log out you call your app logic to explicitly do session.invalidate().

    But when you just close browser
    session on server side is NOT invalidated, and NOT expired !

    You should sniff you traffic to see how your server (Tomcat maybe) works.

    In my case:

    TOMCAT writes SESSIONID in Header of HTTP response automatically,
    and behind the scenes PERSISTENT cookie is created on client with this SESSIONID
    (or sent as part of a rewritten URL.)

    Tomcat response to login:
    ---
    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Set-Cookie: JSESSIONID=E96CDDC56BC7E03C924FEFC0E2735663; Path=/Framework
    Content-Type: text/html;charset=UTF-8
    Content-Length: 423
    Date: Fri, 04 Dec 2009 11:05:18 GMT
    ---

    I suggest you should look in your browser and find cookie.
    I use Firefox.

    If you have "Web Developer plug-in" installed in Firefox you can track session cookies after login:

    (Firefox => Web Developer plugin => Cookies => View Cookie Information)

    Name JSESSIONID
    Value E96CDDC56BC7E03C924FEFC0E2735663
    Host localhost
    Path /Framework
    Secure No
    Expires At End Of Session

    Now, - If you manually delete cookie - you cannot continue using application - you must log in again !

    CONCLUSION:
    User close browser.
    User starts app again.
    Using this SESSIONID from persistent cookie, user can login because there is still alive
    session on server with same SESSIONID, that was NOT invalidated nor it has expired

    Do spend some time on this issue
    and please share your opinion with others here

    i hope i helped you
    ;)

  3. #3
    Tirka is offline Member
    Join Date
    Feb 2009
    Posts
    12
    Rep Power
    0

    Default

    Thanks Fon,
    Sorry that i couldn't get to you earlier.
    I was doing some research on session invalidation for abrupt browser
    closing and got some script in Ajax that that keeps validating the existence
    of the session once every X seconds.But it is not working the way it should.
    Once it turns out to be fault free, i will post it....soon.

  4. #4
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    368
    Rep Power
    5

Similar Threads

  1. Need to return to login page once logout
    By peiceonly in forum Suggestions & Feedback
    Replies: 2
    Last Post: 03-31-2009, 08:50 PM
  2. Replies: 0
    Last Post: 06-25-2008, 01:41 PM
  3. Problem with login
    By adeeb in forum AWT / Swing
    Replies: 0
    Last Post: 06-08-2008, 09:44 AM
  4. Logout problem
    By anki1234 in forum JavaServer Pages (JSP) and JSTL
    Replies: 4
    Last Post: 01-09-2008, 08:54 AM
  5. logout using java script
    By pankajagar2001 in forum JavaServer Pages (JSP) and JSTL
    Replies: 1
    Last Post: 01-03-2008, 07:37 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •