How to destroy a Session in java?

Asked

Viewed 718 times

5

To invalidate a session, my teacher passed the following code:

HttpSession session = request.getSession(false);  
    if (session!=null){
        session.invalidate();
    }

But after the logout, when I click Back in the browser, I can recover the same one I logged in. How can I delete it? Thanks in advance!

  • 1

    The method to invalidate the session is this. You created the security part or are using some framework?

  • 1

    Hello oveRider. The invalidate method does what you want. See if your browser is not caching the previous page, How this is solved is by adding some headers to the reply.

  • The method is correct, only this should be enough to disconnect the user, if you are not using some "Remember Me" feature. I don’t think the problem is there.

  • You updated the page after returning?

1 answer

1


Try to use that:

Cookie[] cookies = request.getCookies();
if (cookies != null)
{
    for (int i = 0; i < cookies.length; i++)
    {
        cookies[i].setMaxAge(-1); // se -1 nao funcionar tente 0 nao lembro bem essa parte
        resp.addCookie(cookies[i]);
    }
}

if you read the documentation says that :

 "The server can maintain a session in many ways such as using cookies or rewriting URLs."

using these lines (or create a method) you will be turning off cookies.

PS: This code has not been tested.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.