You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/04/01 02:52:39 UTC

DO NOT REPLY [Bug 18540] New: - session invalidate() still doesn't work....

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18540>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18540

session invalidate() still doesn't work....

           Summary: session invalidate() still doesn't work....
           Product: Tomcat 3
           Version: 3.3.1 Final
          Platform: PC
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: tomtibbetts@yahoo.com


During my logoff procedure in Struts, I do the following:

request.getSession().invalidate();

to kill the session.  When I press the back button on the browser, I can still 
act in my session as though I had never been logged out.  It doesn't dump me 
back to my login page as I would expect.  Also, my UserPrincipal is still not 
null. After calling the invalidate(), I do a request.getSession().getId() and 
find that a new session has been created.  Is there a work around for this?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org