Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4

Thread: logout session

  1. #1
    New Coder
    Join Date
    Apr 2008
    Posts
    17
    Thanks
    10
    Thanked 0 Times in 0 Posts

    logout session

    I have a filter to control the session of my application.when the user logs in he will be able to access all the jsp pages .
    Problem--- Even after user logs out , he is able to directly access the jsp pages , by typing the url .(but before loggin in he would be redirected to login page if
    he tries to access any jsp page directly)
    What should I do to avoid this problem , (ie when the user hits the "logout" he should not be able to directly access the jsp pages any more , he needs to be redirected again to login page.)


    I am actually just using a logout link , (its a href tht redirects the page to the login.jsp ) , I cannot invalidate the session here.(ie I cannot create a seperate jsp page for the logout -- how do I I invalidate the sesion here?)
    So when the user hits this logout link he is redirected to the login page.
    But after tht when he enters the url directly he is able to directly access the pages.



    please provide soln
    thanks

  • #2
    Regular Coder Stooshie's Avatar
    Join Date
    Mar 2008
    Location
    Dundee, Scotland
    Posts
    380
    Thanks
    9
    Thanked 39 Times in 39 Posts
    I'm not sure that relying on session variables alone will work (the user's browser will still have the same session id).

    You will need to set a cookie containing some unique hash for that user (when they log in) and then clear that cookie when they log out again. Check for that cookie at the top of every page and if you can't find it, redirect the user.

    I usually use PHP so I am not up on the proper syntax for JSP but the priniciple should be the same.
    Regards, Stooshie
    O

  • Users who have thanked Stooshie for this post:

    tech99sri (04-23-2008)

  • #3
    Senior Coder shyam's Avatar
    Join Date
    Jul 2005
    Posts
    1,563
    Thanks
    2
    Thanked 163 Times in 160 Posts
    Quote Originally Posted by tech99sri View Post
    I am actually just using a logout link , (its a href tht redirects the page to the login.jsp ) , I cannot invalidate the session here.(ie I cannot create a seperate jsp page for the logout -- how do I I invalidate the sesion here?)
    So when the user hits this logout link he is redirected to the login page.
    But after tht when he enters the url directly he is able to directly access the pages.
    without invalidating the session (or atleast removing the relevant attributes that keep track of the current user) you cannot logout a user...simply redirecting isn't a logout....if you cannot create a separate page for logout then you can invalidate the session in the login.jsp
    You never have to change anything you got up in the middle of the night to write. -- Saul Bellow

  • Users who have thanked shyam for this post:

    tech99sri (04-23-2008)

  • #4
    New Coder
    Join Date
    Apr 2008
    Posts
    17
    Thanks
    10
    Thanked 0 Times in 0 Posts
    But how do I do that in the login.jsp page??
    I redirect the logout link to the login.jsp page.
    Does'nt this invalidate the session when the user is still logged in??
    Please reply
    thanks


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •