In my website a person when logs-out reaches the login page but on clicking back button he can access the previous page.
I am not able to understand where to put session.invalidate() And further where should i invalidate it, on or my other web pages when a person hits logout.
When an object is bound to a session (using the Http Session method, set Attribute(String name, Object value)) or unbound from a session (using the Http Session method, remove Attribute(String name)), the session checks to see whether or not the object implements the Http Session Binding Listener interface.
If it does, the object is notified that it has been bound to the session or unbound from the session via the callback methods value Bound(Http Session Binding Event event) and value Unbound(Http Session Binding Event event) respectively.
Can I log into your application with my desktop computer and my i Pad? my requirement is that i am administrator and multiple users login through remote locations, i want to monitor the users so i want to keep access to show me list of active users and which i have done and also access to invalidate that particular this.session Id is conformed coming from jsp.
I have also mention that i used http session Context's method get Session(String session ID) but which is depreciated.
Looks like you are redirecting to login page when user clicks on the "Log out" link and in that page you are invalidating the session first and presenting the login form.
An object can be notified when it is bound to a session or unbound from a session simply by implementing the Http Session Binding Listener interface.
We have already seen invalidate() method in session implicit object tutorial. Here we will see how to validate/invalidate a session.
Lets understand this with the help of an example: In the below example we have three jsp pages.
Take a look at this thread, it has some answers that you are looking for. t=146975 I use a servlet for the sole purpose of log outs.
In a crude way, you can check if a session exists on each page that a user goes.