tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Chappell" <chr...@dive100.freeserve.co.uk>
Subject Re: LogOut from JDBC Realm
Date Thu, 02 Dec 2004 11:51:58 GMT
Hi there - 

Thanks for the responses and sorry to get back to this - I haven't made any progress and have
had other problems (challenges?) to fix first!

I have a link to a logout servlet with the doGet()  method below.
Using eclipse debugging shows that the session "isValid=false" on invalidate correctly.

However clicking "back" on the browser creates a new session (with "isValid=true")in my session
handling function called from every page (except logout):

public static HttpSession setSessionData (HttpServletRequest request)
{
HttpSession session = request.getSession(true); 
if (session.getAttribute("viewmode") ==null) session.setAttribute("viewmode", "B");
...
}

So it doesn't seem that invalidate() is destroying the authentication - only clearing a session
which can be recreated.
Should I check if the session is invalid and forward to my logout page if so, or is there
a way of invalidating the login info?

Can anyone shed some photons on this.

TC :5.0.19, Solaris 9, Mysql 4.something - JDBC Realm, SSL + filter giving Cache-Control -
private,no-cache,no-store

Chris Chappell


public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {

response.setContentType("text/html");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
session.invalidate();
out.println(GeneralUI.htmlHeader());
out.println("<table width=100%><tr height=200 valign=center><td align=center>Goodbye
 - you are now logged out</td></tr></table>");
out.println(GeneralUI.htmlFooter());
return;
}




On Tuesday 23 November 2004 17:09, Chris Chappell wrote:
> Hi there

Hi,

> Can anyone give me a pointer how to logout a JDBC Realm  authenticated user
> without closing the browser. E.g. I need a log out button which forwards to
> a goodbye page and does something like  this (fictitious)
> "userSession.expire();" I've had a trawl thriough the docs etc and nothing
> springs to obvious use. Using SSL though don't think this would change
> anything re this.

Just include this: <% session.invalidate(); %> it works on both 8080 (normal) 
and 8443 (ssl) connections.

> (TC 5.0.19 on Sol9 + MySQL 4)


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message