How to invalidate browser session
Solution 1
Those headers are incomplete. This would only work in Internet Explorer, but would fail in others. The complete set is
response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", 0);
And you also need to set them in the previous JSP pages as well. Calling this inside a JSP would only disable caching the current JSP page. You need to copypaste it over all JSP pages (shudder). Or even better, use a Filter for this which is mapped on *.jsp. For an example, see this answer.
Solution 2
As you said, on clicking the back button the session is getting invalidated. So please invalidate the session on the Back button event.
Please add "<" and ">" to the first and last lines of the code snippet.
<script type="text/javascript">
bajb_backdetect.OnBack = function()
{
alert('You clicked it!');
}
</script>
Warrior
Updated on June 05, 2022
Warrior almost 2 years
How can I invalidate the browser session? I am using JSPs. In web.xml the session-timeout has been set to 180 seconds and I want it like that only. But the problem is that on some special occasions, for some users, the browser session needs to be invalidated immediately right after a form submit. I have used session.invalidate(); to invalidate the session and also used
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
But still, when I click the back button, it takes me to the same user's session. Is this loading from the browser cache?
This is what I have in my JSP:
<head>
<script type="text/javascript">
function submitForm(){window.document.submitFrm.submit();}
</script>
</head>
<body onload="submitForm()">
<%
String output = (String)(request.getAttribute("strOut"));
String hookUrl = (String)(request.getAttribute("hookUrl"));
System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);
%>
<form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
<input type="hidden" name="cxml-urlencoded" value='<%=output%>' />
</form>
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setDateHeader( "Expires", 0 );
session.removeValue("domineName");
session.invalidate();
%>
</body>
Am I missing something?