Log out when using form based authentication

Calina Cazangiu
Ranch Hand

Joined: Feb 27, 2003
Posts: 30
Hi,
How do I log out and then log in again when I use a form to authenticate the user? I cannot call the login form directly, and the only time this form is called is when the session has timed out, but not when I do session.invalidate().
Thanks,
Calina
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

The code used to explicitly log a user out depends on the server you use. In WebSphere it is (something like) new SSOAuthenticator().logout(request, response). I believe the function is missing in Tomcat, and I forget what it is in WebLogic.
Some also offer a second method by having the user post a request to j_logout_servlet (or something like that) in the same way that form based authentication uses j_login_servlet to log the user in.
When the container provides a programmatic method to log a user out, they usually provide a similar way to programmatically log them in.
You'd have to give me more info if you want something more specific than that.
Dave
R K Singh
Ranch Hand

Joined: Oct 15, 2001
Posts: 5369
Originally posted by Calina Cazangiu:
Hi,
How do I log out and then log in again when I use a form to authenticate the user? I cannot call the login form directly, and the only time this form is called is when the session has timed out, but not when I do session.invalidate().
Thanks,
Calina

I think it should use Form Authentication again (even if you are using Servlet 2.2 form authentication) when you invalidate the session.
Which server are you using?
I think your session checking is not proper.
You must be using req.getSession(true) and then not checking the userid properly.


"Thanks to Indian media who has over the period of time swiped out intellectual taste from mass Indian population." - Chetan Parekh
Calina Cazangiu
Ranch Hand

Joined: Feb 27, 2003
Posts: 30
Thanks, guys!
I use Tomcat. I'll try the method that David suggested.
Calina
Calina Cazangiu
Ranch Hand

Joined: Feb 27, 2003
Posts: 30
Ravish,
I don't follow you. Are you saying that after I do session.invalidate() I need to do request.getSession(true) and go to the entry page and this will take me to the login page? I don't see how this would work.
thanks,
Calina
R K Singh
Ranch Hand

Joined: Oct 15, 2001
Posts: 5369
Originally posted by Calina Cazangiu:
Ravish,
thanks,
Calina

I am saying that you should use session.getSession(false).
It will return a session object only if a session has already been created.
If you say session.getSession(true), it will create a session if one does not already exist.
So it is always good to use session.getSession(false) once you have created the session.
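Added example, not part of the thread and not any poster's code: a logout servlet for container-managed form authentication that ends the login and then sends the browser to a protected page so the container presents the login form again. It assumes a Servlet 3.0 or later container (the `javax.servlet` API, where `HttpServletRequest.logout()` is available); the `/logout` mapping and the `/secure/home` path are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical mapping. Only POST is handled, so a plain link cannot log the user out.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    // Assumption: this path is covered by a <security-constraint> in web.xml,
    // so an unauthenticated request for it triggers the form login page.
    private static final String PROTECTED_PAGE = "/secure/home";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Servlet 3.0+: drop the authenticated principal the container holds
        // for this request (getRemoteUser() returns null afterwards).
        request.logout();

        // getSession(false) returns the existing session or null; it never
        // creates a fresh session just so that it can be thrown away.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // The login form cannot be requested directly under form-based
        // authentication. Redirecting to a protected resource makes the
        // container intercept the next request and show the login form.
        response.sendRedirect(request.getContextPath() + PROTECTED_PAGE);
    }
}
```

On containers older than Servlet 3.0 there is no `request.logout()`, which is why the replies above fall back on server-specific calls.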
 