5
To invalidate a session, my teacher passed the following code:
HttpSession session = request.getSession(false);
if (session!=null){
session.invalidate();
}
But after the logout, when I click Back in the browser, I can recover the same one I logged in. How can I delete it? Thanks in advance!
1
Try to use that:
Cookie[] cookies = request.getCookies();
if (cookies != null)
{
for (int i = 0; i < cookies.length; i++)
{
cookies[i].setMaxAge(-1); // se -1 nao funcionar tente 0 nao lembro bem essa parte
resp.addCookie(cookies[i]);
}
}
if you read the documentation says that :
"The server can maintain a session in many ways such as using cookies or rewriting URLs."
using these lines (or create a method) you will be turning off cookies.
PS: This code has not been tested.
Browser other questions tagged java-ee session login java
You are not signed in. Login or sign up in order to post.
The method to invalidate the session is this. You created the security part or are using some framework?
– adelmo00
Hello oveRider. The invalidate method does what you want. See if your browser is not caching the previous page, How this is solved is by adding some headers to the reply.
– Anthony Accioly
The method is correct, only this should be enough to disconnect the user, if you are not using some "Remember Me" feature. I don’t think the problem is there.
– Sidney
You updated the page after returning?
– José Roberto Araújo Júnior