aspose file tools*
The moose likes JSP and the fly likes Logoff in web app Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Logoff in web app" Watch "Logoff in web app" New topic
Author

Logoff in web app

Mark Brothers
Greenhorn

Joined: Apr 15, 2004
Posts: 14
We have a web app that should kill the current session of the user when they hit the logoff button. Here is the code of the Logoff action:
public String performAction(ActionForm form, HttpServletRequest request)
throws CasenetException {
//Create a generic user to replace who ever was logged in on the session
User user = new User();
// If there is an existing session, invalidate it so the credentials die
HttpSession session = request.getSession(false);
if (session != null) {
session.removeAttribute(USER);
session.invalidate();
}
return "welcome";
}
The user is stilled able to hit logon button after hitting the logoff button and it will switch the app as if they were still logged on. What are we doing wrong? We have set the application to use a database for session ifnormatino and persistence. On WAS 5.0 we have the app set up to use the database with the right userid and password. This session logoff still does not work properly. Any suggestions?
Thanks.
DMBrothers
danny liu
Ranch Hand

Joined: Jan 22, 2004
Posts: 185
The point is:
Shut down the session when logging off and build a new session when logging on.
-public String performAction(ActionForm form, HttpServletRequest request)
-throws CasenetException {
-//Create a generic user to replace who ever was logged in on the session
-User user = new User();
// If there is an existing session, invalidate it so the credentials die
-HttpSession session = request.getSession(false);
-if (session != null) {
-session.removeAttribute(USER);
the above should provide a name rather a object
-session.invalidate();
-}
-return "welcome";

after logging on succeussfully, create a new session
HttpSession session = request.getSession(true);

Dan
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Logoff in web app