Posted to users@tomcat.apache.org by BillWorker 2i Development Team <bi...@info.com.np> on 2001/09/06 09:24:36 UTC

session invalidate

Hi,

I have a login page which authenticates the user and sets an attribute
in the session using session.setAttribute().

Then in all my protected pages I have included a checkLogin page with an
include directive. checkLogin checks if the attribute is set in the
session.

When I log out, I invalidate the session with session.invalidate().

When I am logged out, if I try to access any protected page by directly
typing the URL, I am informed that I am not logged in.

However, if after logging out I go back, I get "page expired in cache,
should the browser repost?"

When I choose yes, the old session is VALIDATED and I get to access the
protected pages. I can also access other protected pages by typing the
URL directly. What is happening? Why is the invalidated session getting
validated when I reload old protected pages?

I checked this behaviour with both Tomcat 3.2.1 and Tomcat 3.2.3.


Ashish
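
An added example, not part of the original post and not Tomcat code: a small in-memory model of the login / checkLogin / invalidate flow described above, showing how to tell a revived session from a fresh login by comparing session IDs. It assumes the page the browser offers to repost is the login form's POST; the class, method names and credentials are hypothetical and constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Illustration only: models a container's session table. All names are hypothetical.
public class SessionReplayDemo {
    // session id -> attributes, standing in for the container's session store
    static final Map<String, Map<String, Object>> sessions = new HashMap<>();

    // Login handler: checks the posted credentials (constructed values) and,
    // like request.getSession(true) + session.setAttribute(), starts a session.
    static String login(String user, String password) {
        if (!"alice".equals(user) || !"constructed-pw".equals(password)) return null;
        String id = UUID.randomUUID().toString();
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("user", user);
        sessions.put(id, attrs);
        return id;
    }

    // checkLogin: a request is logged in only if its session id is known
    // to the store and the login attribute is set on that session.
    static boolean checkLogin(String id) {
        Map<String, Object> attrs = sessions.get(id);
        return attrs != null && attrs.get("user") != null;
    }

    // Logout: the model's equivalent of session.invalidate().
    static void logout(String id) {
        sessions.remove(id);
    }

    public static void main(String[] args) {
        String first = login("alice", "constructed-pw");   // original form POST
        logout(first);
        System.out.println("old id valid after logout: " + checkLogin(first));
        // Browser "repost" of the cached login POST: the credentials are sent again.
        String second = login("alice", "constructed-pw");
        System.out.println("replayed POST logged in:   " + checkLogin(second));
        System.out.println("same session id reused:    " + first.equals(second));
        System.out.println("old id valid after replay: " + checkLogin(first));
    }
}
```

In the real application the same comparison can be made by logging session.getId() and session.isNew() in the login handler and in checkLogin, before and after the repost.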