If it is valid then call reset Token and that value will be removed from the session.
If the user backs up and submit the page they will have the old token and when you call is Token Valid you will get false and be able to deal with it as you please.
Invalidating a session does not invalidate all other session tied to the SSO cookie. Upgrading to a newer version of JBoss is not an option, so I am looking for a configuration or patch solution.
I am not entirely sure yet, but I think that when it does work the org.apache.catalina.authenticator.
Specifically with respect to session, you can check to see if the session expired at the top of every page and redirect to a page that explains what happened so the user can take the appropriate action. Hey Coolzubair, The user can always click back to return to the previous page IF there is a page. Any new aspx page you have, modify your code behind to inherit from your page Base class.
However, you can put at the top of each page a check to see if the Session equals something. This will save you from having to manually add or call this logic each time, its just automatic. John by disabling the caching of pages on the client , read vivek solution "Disable" Back Browser Button ASP.
The first page is the Logon page where the user enters logon id and password which gets stored in session.
Regards, Lakshmi How can you invalidate the session locally on the device, for example when the device is out of network coverage?Then in your action class that the submits to you can call is Token Valid.That will check that hidden field to make sure it is the same number that was generated and put on the page for you in the other action class.Another way is that the user closes their browser and visits your site in a new browser window.There are probably other ways the session can expire, but I can't think of any right at the moment.Hi, In the post processor of the login service, we have credentials saved into a session to be used int he subsequent service calls. Now, we have a requirement to invalidate the session on "logout" of the application.