Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Logoff in web app

 
Mark Brothers
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We have a web app that should kill the current session of the user when they hit the logoff button. Here is the code of the Logoff action:
public String performAction(ActionForm form, HttpServletRequest request)
throws CasenetException {
//Create a generic user to replace who ever was logged in on the session
User user = new User();
// If there is an existing session, invalidate it so the credentials die
HttpSession session = request.getSession(false);
if (session != null) {
session.removeAttribute(USER);
session.invalidate();
}
return "welcome";
}
The user is stilled able to hit logon button after hitting the logoff button and it will switch the app as if they were still logged on. What are we doing wrong? We have set the application to use a database for session ifnormatino and persistence. On WAS 5.0 we have the app set up to use the database with the right userid and password. This session logoff still does not work properly. Any suggestions?
Thanks.
DMBrothers
 
danny liu
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The point is:
Shut down the session when logging off and build a new session when logging on.
-public String performAction(ActionForm form, HttpServletRequest request)
-throws CasenetException {
-//Create a generic user to replace who ever was logged in on the session
-User user = new User();
// If there is an existing session, invalidate it so the credentials die
-HttpSession session = request.getSession(false);
-if (session != null) {
-session.removeAttribute(USER);
the above should provide a name rather a object
-session.invalidate();
-}
-return "welcome";

after logging on succeussfully, create a new session
HttpSession session = request.getSession(true);

Dan
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic