Is it necessary to use SessionMap in struts2?

Question

HttpSession session;
session=request.getSession(false);
session.invalidate();

i m working on struts2 and hibernate framework.i have written this code in Logoutaction class but on pressing the back button in browser,its taking me to the old profile,which shouldn't happen after invalidating the session.So,should i use SessionMap or Map instead of HttpSession to invalidate the session?? i have searched for this but all i could find was the use of map and SessionMap.

The session map *has* an invalidate method that works; the issue is almost certainly caching, not the session handling. — Dave Newton, Aug 14 '14 at 21:58
yeah.. but then this shouldn't be happening on pressing the back button. — Nidhi, Aug 15 '14 at 08:46

score 0 · Answer 1 · answered Aug 14 '14 at 18:47

0

you can use this method to logout from the session:

package simple;
import java.util.Map;
import javax.servlet.http.HttpSession;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionSupport;

public class LogoutAction extends ActionSupport {

    public String execute() throws Exception { 
     Map session = ActionContext.getContext().getSession();
session.remove("logined"); 
session.remove("context");
        return SUCCESS;
    }

}

answered Aug 14 '14 at 18:47

Bourkadi

738
1
7
17

What are `logined` and `context`? – Aleksandr M Aug 15 '14 at 08:09
i wrote your code but the problem of going back to the last opened profile still persists.. – Nidhi Aug 15 '14 at 08:48
"logined" and "context" are sesseion variables,they are just an example – Bourkadi Aug 15 '14 at 20:47
@Nidhi Because your page is cached. – Dave Newton Aug 16 '14 at 14:10

score 0 · Answer 2 · answered Aug 17 '14 at 03:16

The problem of back button is that the browser is showing the cached page. To prevent browser caching,

you need to put following in header of your page.

"Cache-control","no-cache, no-store, must-revalidate"
"Pragma", "no-cache"
"Expires", "-1"
"Vary", "*"

You can do it either using interceptor or putting code in action or jsp page.

Removing Session code is to remove session only, it can not remove cache. But server side for every action you can check session by making interceptor and prevent user from performing action if session is destroyed.

It is not necessary to use map. But struts2 provide ServletAware interface to work with session. It is your choice to go with struts2 or not.

Is it necessary to use SessionMap in struts2?

2 Answers2