Warrior Warrior - 1 year ago 105
Java Question

How to invalidate browser session

How can I invalidate Browser Session. I am using JSP's.

is been set to 180 seconds and I want it like that only. But the problem is on some special occasion for some user's browser session need to be invalidated immediately right after a form submit.

I have used
to invalidate session and also used

response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

But, still when I click the back button it will take me to the same users session. Is this loading from browser cache?

This is what i have in my JSP :

<script type="text/javascript">
function submitForm(){window.document.submitFrm.submit();}
<body onload="submitForm()">
<%String output = (String)(request.getAttribute("strOut"));
String hookUrl = (String)(request.getAttribute("hookUrl"));
System.out.println("hookUrl in cwsGroup.jsp : "+hookUrl);%>
<form method="post" action="<%=hookUrl%>" name="submitFrm" id="submitFrm">
<input type="hidden" name="cxml-urlencoded" value='<%=output%>' />
response.setDateHeader( "Expires", 0 );

Am I missing something?

Answer Source

Those headers are incomplete. This would only work in Internet Explorer, but would fail in others. The complete set is

response.setDateHeader("Expires", 0);

And you also need to set them in the previous JSP pages as well. Calling this inside a JSP would only disable caching the current JSP page. You need to copypaste it over all JSP pages (shudder). Or even better, use a Filter for this which is mapped on *.jsp. For an example, see this answer.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download