Invalidating a session using session id

Rated 4.93/5 based on 534 customer reviews

Hi, Can anyone tell me how to logout a user (invalidate his Session) when auser directly closes his browser window. Regards, Sahil Gupta Extn : 233Email : [email protected]******************************************************************Net Edge Computing Global Solutions Private Limited. Ifyou are not the addressee or authorized to receive this for theaddressee, you must not use, copy, disclose or take any action based onthis message or any information herein. 201-301Tel # 91-120-2423281, 2423282Fax # 91-120-2423279URL http// message may contain confidential and/or privileged information.The problem is that I have a log in page, instanciate a session, set variables to my session and when I logout I use the session.invalidate(); method to keep security of my pages I use an if statement like String loged=String.value Of(Value("logedin")); if(loged.equals("false")|loged.equals(null)|loged.equals("")|loged.equals("null")){%Metaquestion: I'm curious about something that I've seen quite often in the various forums: Oftentimes and 'answer' will be in the form of "Look at the API" or even "RTFM".This sort of answer confuses me, because, ultimately, it seems, just about any question could be answered by pouring over the API and trying out various things.During logout I am clearing these values before calling invalidate() so why is the application letting me go everywhere after logout though I do have check Logon (checking session for stored objects).It is as though these objects are still there and its the same session.-----Original Message-----From: Krueger, Jeff [mailto:[EMAIL PROTECTEDSent: Thursday, August 30, 2001 PMTo: [EMAIL PROTECTED]Subject: RE: STRANGE: session.invalidate() is not invalidating the session You have to go through a action class before your welcome.jsp, but there is a thing called a transaction token.That will check that hidden field to make sure it is the same number that was generated and put on the page for you in the other action class.

||

Hi, Can anyone tell me how to logout a user (invalidate his Session) when auser directly closes his browser window. Regards, Sahil Gupta Extn : 233Email : [email protected]******************************************************************Net Edge Computing Global Solutions Private Limited. Ifyou are not the addressee or authorized to receive this for theaddressee, you must not use, copy, disclose or take any action based onthis message or any information herein.

201-301Tel # 91-120-2423281, 2423282Fax # 91-120-2423279URL http// message may contain confidential and/or privileged information.

The problem is that I have a log in page, instanciate a session, set variables to my session and when I logout I use the session.invalidate(); method to keep security of my pages I use an if statement like String loged=String.value Of(Value("logedin")); if(loged.equals("false")|loged.equals(null)|loged.equals("")|loged.equals("null")){%Metaquestion: I'm curious about something that I've seen quite often in the various forums: Oftentimes and 'answer' will be in the form of "Look at the API" or even "RTFM".

]]

invalidating a session using session id-28

invalidating a session using session id-45

invalidating a session using session id-20

invalidating a session using session id-81

If the user refreshes Welcome.jsp, IE resubmits the Logon Form containg the username and password, Logon Action accepts these values and 'presto' the user is in again.

If the user backs up and submit the page they will have the old token and when you call is Token Valid you will get false and be able to deal with it as you please.

Hope that helps.-----Original Message-----From: Luna, Katherine [mailto:[EMAIL PROTECTEDSent: Thursday, August 30, 2001 AMTo: '[EMAIL PROTECTED]'Subject: RE: STRANGE: session.invalidate() is not invalidating the session I have the user object in the session, and each jsp page except the checks the session.

Basically, if the user logs out from welcome.jsp, then backs up with the Browser 'Back' button, they can refresh the page and become logged in without re-entering the username and password because these values must be stored in teh request.

Hi all, I'm facing problem while with invalidating session. I've a code through which I can invalidated the session that I'd created, by pressing logout link provided.

||

If the user refreshes Welcome.jsp, IE resubmits the Logon Form containg the username and password, Logon Action accepts these values and 'presto' the user is in again.If the user backs up and submit the page they will have the old token and when you call is Token Valid you will get false and be able to deal with it as you please.Hope that helps.-----Original Message-----From: Luna, Katherine [mailto:[EMAIL PROTECTED]]Sent: Thursday, August 30, 2001 AMTo: '[EMAIL PROTECTED]'Subject: RE: STRANGE: session.invalidate() is not invalidating the session I have the user object in the session, and each jsp page except the checks the session.Basically, if the user logs out from welcome.jsp, then backs up with the Browser 'Back' button, they can refresh the page and become logged in without re-entering the username and password because these values must be stored in teh request.Hi all, I'm facing problem while with invalidating session. I've a code through which I can invalidated the session that I'd created, by pressing logout link provided.

]]

Leave a Reply