Hi,
I have one question: how to code it so that when I hit the "Back" Button of
the browser it should state that Session is Expired. Please help in
this regard.
Thanks,
Usha.
Joshua Cranmer - 22 Sep 2007 15:01 GMT
> Hi,
>
[quoted text clipped - 4 lines]
> Thanks,
> Usha.
Perhaps the easiest way to do it is to keep track, in the session, of
all of the previously visited pages and when one of them is hit, expire
the session.

Signature
Beware of bugs in the above code; I have only proved it correct, not
tried it. -- Donald E. Knuth
Lew - 22 Sep 2007 15:05 GMT
>> Hi,
>>
[quoted text clipped - 8 lines]
> all of the previously visited pages and when one of them is hit, expire
> the session.
Keeping paths like that is perilous and not really needed. Just generate a
token for a page as you generate it, remove it when the page is submitted the
first time. A REFRESH or BACK will not regenerate the token, so a rePOST
will fail to find the token in the session, so the POST can be rejected.
The trick is to maintain idempotency. Then long, memory-intensive and
fragile path memories are unnecessary.

Signature
Lew
Lew - 22 Sep 2007 15:03 GMT
> Hi,
>
> I have one question: how to code it so that when I hit the "Back" Button of
> the browser it should state that Session is Expired. Please help in
> this regard.
That is client-side behavior. If the page is cached you will not be able to
do it.
I will assume you are dealing with a servlet / JSP application, something you
failed to reveal.
Give the page a no-cache parameter. When it re-POSTs use the Token pattern
to detect the revisit of the page and reject the session, which presumably
you will have already invalidated, right?
In general you can do nothing about client-side events, and should do nothing
about standardized behaviors like BACK or REFRESH (alt-left or F5,
respectively, on just about every browser). What you can do is react to
events that hit the server, and generate appropriate responses.

Signature
Lew
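
The one-time token approach Lew describes in both replies, as an added example that is not part of the original thread. The class and method names (`OneTimeFormTokens`, `issue`, `consume`) are hypothetical, and the in-memory set is an assumption standing in for an attribute stored in the servlet `HttpSession`.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** One-time form tokens; one instance stands in for one user's session state. */
public class OneTimeFormTokens {
    private static final SecureRandom RNG = new SecureRandom();

    // Assumption: in a servlet this set would live in an HttpSession attribute.
    private final Set<String> outstanding = ConcurrentHashMap.newKeySet();

    /** Call while generating the page; embed the result in a hidden form field. */
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw); // unpredictable, so a client cannot guess a valid token
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        outstanding.add(token);
        return token;
    }

    /** Call when handling the POST. Returns true only the first time a token is seen. */
    public boolean consume(String submitted) {
        // remove() is atomic: two racing copies of the same POST cannot both pass.
        // The null check covers a POST that arrives without the hidden field.
        return submitted != null && outstanding.remove(submitted);
    }

    public static void main(String[] args) {
        OneTimeFormTokens session = new OneTimeFormTokens();

        // GET: the page is generated and carries a fresh token.
        String token = session.issue();

        // First submission finds the token and removes it.
        System.out.println("first POST accepted:     " + session.consume(token));

        // BACK or REFRESH re-sends the same form data; the token is already gone.
        System.out.println("re-POST accepted:        " + session.consume(token));

        // A request with no token, or with a constructed value never issued.
        System.out.println("missing token accepted:  " + session.consume(null));
        System.out.println("unknown token accepted:  " + session.consume("constructed-value"));
    }
}
```

Only the first call to `consume` for a given token succeeds, so the handler can treat any other POST as a replay and respond with the "session expired" page.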