I implemented a sevlet filter in my application, and within the filter, if I find some specific url pattern, I will use request.getSession().invalidate() to logout and clear the session, then redirect to a login page.
session.invalidate();
session.setAttribute开发者_高级运维("hi", true);
response.sendRedirect("login.jsp");
but I found, after that I enter username and password, then submit the login form, the previous session seems not be completely cleared.
So is it possible to let me completely clear out the session and just like start a new IE instance ?(BTY, my code works in FF and Chrome).
The session is a server-side concept. The browser only hold a jsessionid to tell the server which session object to fetch for this request.
That said, your problem is not IE. And even if it is, it is some sort of caching the you are facing. Clear your cache. You can set these response headers:
Cache-Control: no-cache, no-store
Pragma: no-cache
@Bozho a quick question to clarify. JSP has default session implict object created. Here in this case ,he created a session and then invalidates , after invalidation , he sets the attributes which again uses implicit session created.
I know this is a old post. But recently I have the same problem.
I try session.invalidate().... and not works. I try delete coockies and not works...
The problem was internet explorer cache.. I just put no cache headers on my serlevt response and then works for me.
Exmple code:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setHeader("Cache-Control","no-store"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0);
......
......
response.response.getWriter().print(json);
}
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论