tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam.Coo...@scisys.co.uk
Subject TC3.3m1 Possible bug with session.invalidate?
Date Fri, 02 Mar 2001 14:55:54 GMT
Hi,

I seem to be having a problem with session.invalidate(). I'm using this for
users to log out of my web site but it seems to take two attemps before the user
is properly logged out!

I am using JDBCRealms for authentication BTW.

I have set up a simple four page web site:

test/jsp/index.jsp ---- front page
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
<html>
<body>
<%=request.toString()%><br>
<%=request.getSession (false)%><br>
<%=request.getRemoteUser()%><br>
<%=request.getUserPrincipal()%><br>

<h2><a href="protected/index.jsp">Login</a><h2>

</body>
</html>


test/jsp/protected/index.jsp --- protected page
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
<html>
<body>

<%=request.toString()%><br>
<%=request.getSession (false)%><br>
<h2>you are currently logged in as <%= request.getRemoteUser() %></h2>
<h3><a href="logout.jsp">Logout</a></h3>

</body>
</html>


test/jsp/protected/logout.jsp --- logout page
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
<html>
<body>
<%=request.toString()%><br>
<%=request.getSession (false)%><br>
<%=request.getRemoteUser()%><br>
<%=request.getUserPrincipal()%><br>
<%
     session.invalidate ();
%>
<%=request.getSession (false)%><br>
<%=request.toString()%><br>
<%=request.getRemoteUser()%><br>
<%=request.getUserPrincipal()%><br>

<a href="../index.jsp">home</a>.
</body>
</html>


test/jsp/login/login.jsp --- login page used by FORM based authentication.
<html>
<body>
<h1>Login page </h1>

<form method="POST" action="j_security_check" >
 Username: <input type="text" name="j_username"><br>
 Password: <input type="password" name="j_password"><br>
 <br>
 <input type="submit" value="login" name="j_security_check">
</form>

</body>
</html>


The problem occurs like this:
The first time around the request for protected/index.jsp is detected and you
have to log in.
Mime
View raw message