How to invalidate browser session


Solution 1

Those headers are incomplete. This would only work in Internet Explorer, but would fail in others. The complete set is

response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", 0);

And you also need to set them in the previous JSP pages as well. Calling this inside a JSP would only disable caching the current JSP page. You need to copy-paste it over all JSP pages (shudder). Or even better, use a Filter for this which is mapped on *.jsp. For an example, see this answer.

Solution 2

As you said, on clicking the back button the session is getting invalidated. So please invalidate the session on the Back button event.

Please add "<" ">" for the first and last lines in the code snippet.

<script type="text/javascript">

      bajb_backdetect.OnBack = function()
      {

        alert('You clicked it!');

      }

</script>
Author by

Warrior

Updated on June 05, 2022

Comments

  • Warrior
    Warrior almost 2 years

    How can I invalidate the browser session? I am using JSPs. In web.xml the session-timeout has been set to 180 seconds and I want it like that only. But the problem is that on some special occasions, for some users, the browser session needs to be invalidated immediately right after a form submit.

    I have used session.invalidate(); to invalidate session and also used

    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);
    

    But still, when I click the back button it takes me to the same user's session. Is this loading from the browser cache?

    This is what I have in my JSP:

    <head>
    <script type="text/javascript">
    function submitForm(){window.document.submitFrm.submit();}
    </script>
    </head>
    <body onload="submitForm()">
    <%String output = (String)(request.getAttribute("strOut"));
    String hookUrl = (String)(request.getAttribute("hookUrl"));
    System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);%>
    <form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
    <input type="hidden"  name="cxml-urlencoded" value='<%=output%>' />
    </form>
    <%
    response.setHeader("Cache-Control","no-cache");
    response.setHeader("Pragma","no-cache");
    response.setDateHeader( "Expires", 0 );
    session.removeValue("domineName");
    session.invalidate();%>
    </body>
    

    Am I missing something?