Invalidating the session

Warning Immediate session deletion may cause unwanted results.When there is concurrent requests, other connections may see sudden session data loss. Requests from Java Script and/or requests from URL links.If you're using db or memcached to manage session, you can always delete that session entry directly from db or memcached.2.

invalidating the session-61invalidating the session-68invalidating the session-22

Those headers can be a combination of: Pragma=no-cache (for older browsers) Cache-control=no-store (a stricter version of no-cache) Expires=0 Setting these will prevent any non-deaf browser from showing cached content. In first request I delete all attributes of a session and invalidate it.

That way an invalidated session can be made visible to the user. When I press back, in next request, I can access to the attributes of session.

Invalidating a session is server-side logic, the back-button is purely client-side logic.

You might set the appropriate HTTP headers when you send pages to the browser to tell it it should never show cached pages but instead always send a new request.

This is the third article in the series of Web Applications tutorial in Java, you might want to check out earlier two articles too.

When we use Http Servlet Request get Session() method and it creates a new request, it creates the new Http Session object and also add a Cookie to the response object with name JSESSIONID and value as session id.

Those headers can be a combination of: Pragma=no-cache (for older browsers) Cache-control=no-store (a stricter version of no-cache) Expires=0 Setting these will prevent any non-deaf browser from showing cached content.

That way an invalidated session can be made visible to the user.

Please feel free to post any easier way to destroy a particular session.

Tags: , ,