I already have my forms in my Java web project (JSP) connected to the Oracle 10g database. It is already working and allows me to enter and exit with registered users, but I have a problem:
When I close the session, it redirects me to the login to log in again, but it does not invalidate the session. If I return to the previous pages it shows them to me, and I do not want it to show them because the session should have already been finished. I do not know how to invalidate it. According to my code it should destroy the session, but something is wrong. Here I will leave my code. Thank you so much. This is the code of the login.jsp:
    <%
    operaciones op = new operaciones();
    if (request.getParameter("btnIngresar") != null) {
        String user_name = request.getParameter("txtUser");
        String nombre = request.getParameter("txtNombre");
        HttpSession sesion = request.getSession();
        // logear returns the user's level: 1, 2, or 0 when no row matches
        switch (op.logear(user_name, nombre)) {
            case 1:
                sesion.setAttribute("user_name", user_name);
                sesion.setAttribute("nivel", "1");
                response.sendRedirect("inicio.jsp");
                out.print("<a href=''><h5>Bienvenido " + user_name + " </h5></a>");
                break;
            case 2:
                sesion.setAttribute("user_name", user_name);
                sesion.setAttribute("nivel", "2");
                response.sendRedirect("user.jsp");
                out.print("<a href='edicion.html?cerrar=false' ><h5>Bienvenido " + user_name + " </h5></a>");
                break;
            default:
                out.write("<center></center>");
                out.write("<center>El usuario no existe o contraseña invalida, intente de nuevo</center>");
                break;
        }
        // This check sits inside the btnIngresar block, so it only runs
        // when the login form was submitted
        if (request.getParameter("cerrar") != null) {
            session.invalidate();
        }
    }
    %>
This is the one from my logout.jsp:
    <%
    HttpSession sesion = request.getSession();
    String user_name;
    String nivel;
    if (sesion.getAttribute("user_name") != null && sesion.getAttribute("nivel") != null) {
        user_name = sesion.getAttribute("user_name").toString();
        nivel = sesion.getAttribute("nivel").toString();
        out.print("<a href='login.jsp?cerrar=true' ><h5>Cerrar sesion " + user_name + " </h5></a>");
    } else {
        out.print("<script>location.replace('login.jsp');</script>");
    }
    %>
And finally, here is my logear function in operations.java:
    public int logear(String us, String nom) throws SQLException {
        Connection conn;
        PreparedStatement pst;
        ResultSet rs;
        int cont = 0;
        int nivel = 0;
        // Bind the user-supplied values as parameters instead of
        // concatenating them into the SQL text (prevents SQL injection)
        String sql = "select nivel from users where user_name=? and nombre=?";
        try {
            Class.forName(this.driver);
            conn = DriverManager.getConnection(this.url, this.uss, this.contra);
            pst = conn.prepareStatement(sql);
            pst.setString(1, us);
            pst.setString(2, nom);
            rs = pst.executeQuery();
            while (rs.next()) {
                nivel = rs.getInt(1);
            }
            conn.close();
        } catch (ClassNotFoundException e) {
            // Driver class not found: nivel stays 0, so the login is rejected
        }
        return nivel;
    }
    }
You must invalidate the session in HttpServletRequest using the invalidate method of the HttpSession class.
This removes all stored session information such as user information that you store when logging in.
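
One way to apply this, as an added example that is not part of the original question or answer: a logout servlet that invalidates the session whenever it is requested, and a filter for the protected pages that rejects requests without a live session and tells the browser not to redisplay a cached copy. The class names `LogoutServlet` and `SessionGuardFilter` and their `web.xml` mappings are hypothetical; the code assumes the `javax.servlet` API and the `user_name` attribute set in login.jsp.

```java
// Added example: two source files shown together. Each file needs these imports.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// --- LogoutServlet.java (assumed mapping in web.xml: /logout) ---
public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): do not create a new session just to destroy it
        HttpSession sesion = req.getSession(false);
        if (sesion != null) {
            sesion.invalidate();   // drops user_name, nivel and all other attributes
        }
        resp.sendRedirect("login.jsp");
    }
}

// --- SessionGuardFilter.java (assumed mapping: inicio.jsp, user.jsp) ---
public class SessionGuardFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;

        // Keep the browser from showing a stored copy when the user goes back
        resp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        resp.setHeader("Pragma", "no-cache");
        resp.setDateHeader("Expires", 0);

        // After invalidate() there is no session, so this check fails
        HttpSession sesion = req.getSession(false);
        if (sesion == null || sesion.getAttribute("user_name") == null) {
            resp.sendRedirect("login.jsp");
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

With this in place, the link printed by logout.jsp would point at the servlet's mapping instead of `login.jsp?cerrar=true`.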