tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allistair Crossley" <Allistair.Cross...@QAS.com>
Subject RE: LogOut from JDBC Realm
Date Thu, 02 Dec 2004 11:57:31 GMT
instead of doing this, on your logout confirm JSP, use a meta expires tag to kill everything,
then back will not function.

http://www.htmlhelp.com/reference/wilbur/head/meta.html

> -----Original Message-----
> From: Chris Chappell [mailto:chrisc@dive100.freeserve.co.uk]
> Sent: 02 December 2004 11:52
> To: tomcat-user@jakarta.apache.org
> Subject: Re: LogOut from JDBC Realm
> 
> 
> Hi there - 
> 
> Thanks for the responses and sorry to get back to this - I 
> haven't made any progress and have had other problems 
> (challenges?) to fix first!
> 
> I have a link to a logout servlet with the doGet()  method below.
> Using eclipse debugging shows that the session 
> "isValid=false" on invalidate correctly.
> 
> However clicking "back" on the browser creates a new session 
> (with "isValid=true")in my session handling function called 
> from every page (except logout):
> 
> public static HttpSession setSessionData (HttpServletRequest request)
> {
> HttpSession session = request.getSession(true); 
> if (session.getAttribute("viewmode") ==null) 
> session.setAttribute("viewmode", "B");
> ...
> }
> 
> So it doesn't seem that invalidate() is destroying the 
> authentication - only clearing a session which can be recreated.
> Should I check if the session is invalid and forward to my 
> logout page if so, or is there a way of invalidating the login info?
> 
> Can anyone shed some photons on this.
> 
> TC :5.0.19, Solaris 9, Mysql 4.something - JDBC Realm, SSL + 
> filter giving Cache-Control - private,no-cache,no-store
> 
> Chris Chappell
> 
> 
> public void doGet(HttpServletRequest request, 
> HttpServletResponse response) throws ServletException, IOException {
> 
> response.setContentType("text/html");
> PrintWriter out = response.getWriter();
> HttpSession session = request.getSession();
> session.invalidate();
> out.println(GeneralUI.htmlHeader());
> out.println("<table width=100%><tr height=200 
> valign=center><td align=center>Goodbye  - you are now logged 
> out</td></tr></table>");
> out.println(GeneralUI.htmlFooter());
> return;
> }
> 
> 
> 
> 
> On Tuesday 23 November 2004 17:09, Chris Chappell wrote:
> > Hi there
> 
> Hi,
> 
> > Can anyone give me a pointer how to logout a JDBC Realm  
> authenticated user
> > without closing the browser. E.g. I need a log out button 
> which forwards to
> > a goodbye page and does something like  this (fictitious)
> > "userSession.expire();" I've had a trawl thriough the docs 
> etc and nothing
> > springs to obvious use. Using SSL though don't think this 
> would change
> > anything re this.
> 
> Just include this: <% session.invalidate(); %> it works on 
> both 8080 (normal) 
> and 8443 (ssl) connections.
> 
> > (TC 5.0.19 on Sol9 + MySQL 4)
> 
> 


<FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE> 
-------------------------------------------------------
QAS Ltd.
Developers of QuickAddress Software
<a href="http://www.qas.com">www.qas.com</a>
Registered in England: No 2582055
Registered in Australia: No 082 851 474
-------------------------------------------------------
</FONT>

Mime
View raw message