To invalidate a session, my teacher passed the following code:
HttpSession session = request.getSession(false);
if (session!=null){
session.invalidate();
}
But after logout, when I click Back in the browser, I can retrieve the same one I had logged in to. How do I delete it? Thank you in advance!
Try to use this:
Cookie[] cookies = request.getCookies();
if (cookies != null)
{
for (int i = 0; i < cookies.length; i++)
{
cookies[i].setMaxAge(-1); // se -1 nao funcionar tente 0 nao lembro bem essa parte
resp.addCookie(cookies[i]);
}
}
If you read the documentation say that:
"The server can maintain a session in many ways such as using cookies or rewriting URLs."
Using these lines (or create a method) you will be turning off cookies.
PS: This code has not been tested.