You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/04/01 02:52:39 UTC
DO NOT REPLY [Bug 18540] New: -
session invalidate() still doesn't work....
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18540>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18540
session invalidate() still doesn't work....
Summary: session invalidate() still doesn't work....
Product: Tomcat 3
Version: 3.3.1 Final
Platform: PC
OS/Version: Other
Status: NEW
Severity: Major
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: tomtibbetts@yahoo.com
During my logoff procedure in Struts, I do the following:
request.getSession().invalidate();
to kill the session. When I press the back button on the browser, I can still
act in my session as though I had never been logged out. It doesn't dump me
back to my login page as I would expect. Also, my UserPrincipal is still not
null. After calling the invalidate(), I do a request.getSession().getId() and
find that a new session has been created. Is there a work around for this?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org