Session Expire

U

ushajava

Hi,

I have one question that, how to code when I hit the "Back" Button of
the browser it shoud state that Session is Expired. Please help in
this regard.

Thanks,
Usha.
 
J

Joshua Cranmer

ushajava said:
Hi,

I have one question that, how to code when I hit the "Back" Button of
the browser it shoud state that Session is Expired. Please help in
this regard.

Thanks,
Usha.

Perhaps the easiest way to do it is to keep track, in the session, of
all of the previously visited pages and when one of them is hit, expire
the session.
 
L

Lew

ushajava said:
Hi,

I have one question that, how to code when I hit the "Back" Button of
the browser it shoud state that Session is Expired. Please help in
this regard.

That is client-side behavior. If the page is cached you will not be able to
do it.

I will assume you are dealing with a servlet / JSP application, something you
failed to reveal.

Give the page a no-cache parameter. When it re-POSTs use the Token pattern
to detect the revisit of the page and reject the session, which presumably
you will have already invalidated, right?

In general you can do nothing about client-side events, and should do nothing
about standardized behaviors like BACK or REFRESH (alt-left or F5,
respectively, on just about every browser). What you can do is react to
events that hit the server, and generate appropriate responses.
 
L

Lew

Joshua said:
Perhaps the easiest way to do it is to keep track, in the session, of
all of the previously visited pages and when one of them is hit, expire
the session.


Keeping paths like that is perilous and not really needed. Just generate a
token for a page as you generate it, remove it when the page is submitted the
first time. A REFRESH or BACK will not regenerate the token, so a rePOST
will fail to find the token in the session, so the POST can be rejected.

The trick is to maintain idempotency. Then long, memory-intensive and
fragile path memories are unnecessary.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top