I have a filter to control the session of my application.when the user logs in he will be able to access all the jsp pages .
Problem--- Even after user logs out , he is able to directly access the jsp pages , by typing the url .(but before loggin in he would be redirected to login page if
he tries to access any jsp page directly)
What should I do to avoid this problem , (ie when the user hits the "logout" he should not be able to directly access the jsp pages any more , he needs to be redirected again to login page.)
I am actually just using a logout link , (its a href tht redirects the page to the login.jsp ) , I cannot invalidate the session here.(ie I cannot create a seperate jsp page for the logout -- how do I I invalidate the sesion here?)
So when the user hits this logout link he is redirected to the login page.
But after tht when he enters the url directly he is able to directly access the pages.
please provide soln