Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Log Out when using security-constraint

 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI!
I am using Tomcat's <security-constraint> security feature, and I have no problems with my users logging in and eventually logging out (when session expires???)
What I want to do is to have a button that would log users out.... So I made a button to a LogOut.jsp where I tried the following:
<% session.invalidate(); %>
but it doesn't seem to work... How would you log out?
thank you!
 
Dani Mazzuca
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I think your code is correct, i.e., the session is correctly invalidated
(i.e. all the attributes related to that HttpSession object will not be
more accessible, etc, etc).
However, you should note that the next time you access any jsp page,
your code will probably create a new session, because, by default,
any JSP page calls a getSession() (equivalent to getSession(true)) method
at the beginning of the request, which will always create a session if it doesn't find one.
BTW, if you are using BASIC authentication, then the problem is that you can only get a new authentication window (to put your name and password) only if you close ALL your browser windows (this is a problem related with
the BASIC authentication method itself, not with java). In this case, you would probably consider to use FORM authentication instead.
Anyway, could you be more specific ? what "it doesn't seem to work" means?
Dani
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
by it doesn't totaly work I mean is that it dont give no errors, but when I open the admin page (not from the browsers cache), it doesn't ask me for a pass...
oh man.. I dont like form thingy... its too much work But even in that case, how would you give the user ability to log out?
admin tool has this thing logOut.do, but I couldnt find it anywhere... ???
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic