Invalidating the session in jsp
action class rather than in the JSP page for non-small apps. If you keep all of your code in the files, except for one or two lines that are in scriplets, it becomes a nightmare for anyone else to maintain the code.
They would never think to look in the files for Java code, because that's not where the logic lives and it slows down the whole process of maintaining the site, or bringing people up to speed to maintain the site, so you can go off and do the fun things.
Please provide the code for invalidating the session (any way except for using the logout as a different jsp page), so that if a user logs out , he would not be able to directly enter the jsp page.
thanks in advance for your assistance as the last instruction of my page.
AFAIK, to invalidate the session inside an action, you must downcast the session Map (from the Session Aware interface) to a Session Map class, which seems little awkward to me.
I keep on saying that you can perform exactly the same with Logout Action, but keeping away code from JSP.
However, I agree that in very small apps is ok to do a little scripting. On 9/12/07, Gabriel Belingueres The only thing "wrong" with it is that now you are putting application control logic in a jsp page, which is 'OK' for small apps, and is probably 'OK' in this particular instance if there are no complicating factors.
If you find 2 or more files that invalidate a session, then I think you found a code smell. From a usability point of view, most use cases I know of (if not all), the session is invalidated when a user decides to leave the app (ie the logout process).