I have a strange issue. The first page (mainIndex.jsp) uses a login page called index.jsp to test whether a user is authenticated and if not, shows a login form. If user is authenticated, it uses jsp:forward to forward to mainIndex.jsp. A Java servlet is used by index.jsp to check the user's details are correct and if so, stores the authentication information in the HttpSession (sets "authenticated" value to true and "username" to the username of the user). This works fine and the username is shown on mainIndex.jsp.
The second page is just a test page hyperlinked from mainIndex.jsp that is supposed to get the HttpSession associated with the request header and show the username stored in the HttpSession. This does not work. Does anyone know why?
By the way, I am using Apache Tomcat 5.5.9 under Windows XP Professional but not using J2EE security as I don't have access to the server configuration files, in order to set it up.
Jon, if you thought that that line would defer calling the invalidate method until the hyper-link was clicked, you have a basic misunderstanding of the life-cycle of a JSP.
All the Java scriptlets in a JSP are executed on the server side in order to create a plain old HTML page to send to the browser. As such, your invalidate method is being called before the page is even sent to the browser.
Do a View Source on the page and see what your anchor tag got turned into. [ July 21, 2005: Message edited by: Bear Bibeault ]
Or, better yet, find the java file that got created on behalf of your JSP and see what code executes when the page is hit. (Under Tomcat, these can be found in the folder hierarchy rooted at $CATALINA_HOME/work).