stackoom
  简体   繁体   中英

How to invalidate browser session

 原文  2011-03-22 06:29:35       java/ jsp/ session/ browser/ invalidation

Question

How can I invalidate Browser Session. I am using JSP's. In web.xml the session-timeout is been set to 180 seconds and I want it like that only. But the problem is on some special occasion for some user's browser session need to be invalidated immediately right after a form submit.

I have used session.invalidate(); to invalidate session and also used 

response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

But, still when I click the back button it will take me to the same users session. Is this loading from browser cache?

This is what i have in my JSP : 

<head>
<script type="text/javascript">
function submitForm(){window.document.submitFrm.submit();}
</script>
</head>
<body onload="submitForm()">
<%String output = (String)(request.getAttribute("strOut"));
String hookUrl = (String)(request.getAttribute("hookUrl"));
System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);%>
<form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
<input type="hidden"  name="cxml-urlencoded" value='<%=output%>' />
</form>
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader( "Expires", 0 );
session.removeValue("domineName");
session.invalidate();%>
</body>

Am I missing something?

2 answers

solution1
 4 ACCPTED  2011-03-22 13:46:58

Those headers are incomplete. This would only work in Internet Explorer, but would fail in others. The complete set is 

response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", 0);

And you also need to set them in the previous JSP pages as well. Calling this inside a JSP would only disable caching the current JSP page. You need to copypaste it over all JSP pages ( shudder ). Or even better, use a Filter for this which is mapped on *.jsp . For an example, see this answer .

solution2
 1  2011-03-22 06:45:58

As you said, onclicking back button session is getting invalidate. SO please make session invalidate session on Back button event.

please add "<" ">" for first and lasr line in code snippet 

<script type="text/javascript">

      bajb_backdetect.OnBack = function()
      {

        alert('You clicked it!');

      }

<script>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to invalidate the session on browser close in the JSF how to invalidate a users session How to invalidate siteminder session How session works with Weblogic 12 c - Closing browser seems to invalidate the session or the cookie How to invalidate seam POJO session How to invalidate selected session programmatically? How to properly invalidate JSP session? Invalidate a user session in one browser when user logins in another browser? Invalidate a session To invalidate session when user close browser by using servlet
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM