File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Log Out when using security-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Log Out when using security-constraint" Watch "Log Out when using security-constraint" New topic

Log Out when using security-constraint

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
I am using Tomcat's <security-constraint> security feature, and I have no problems with my users logging in and eventually logging out (when session expires???)
What I want to do is to have a button that would log users out.... So I made a button to a LogOut.jsp where I tried the following:
<% session.invalidate(); %>
but it doesn't seem to work... How would you log out?
thank you!
Dani Mazzuca
Ranch Hand

Joined: May 21, 2003
Posts: 70
I think your code is correct, i.e., the session is correctly invalidated
(i.e. all the attributes related to that HttpSession object will not be
more accessible, etc, etc).
However, you should note that the next time you access any jsp page,
your code will probably create a new session, because, by default,
any JSP page calls a getSession() (equivalent to getSession(true)) method
at the beginning of the request, which will always create a session if it doesn't find one.
BTW, if you are using BASIC authentication, then the problem is that you can only get a new authentication window (to put your name and password) only if you close ALL your browser windows (this is a problem related with
the BASIC authentication method itself, not with java). In this case, you would probably consider to use FORM authentication instead.
Anyway, could you be more specific ? what "it doesn't seem to work" means?
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
by it doesn't totaly work I mean is that it dont give no errors, but when I open the admin page (not from the browsers cache), it doesn't ask me for a pass...
oh man.. I dont like form thingy... its too much work But even in that case, how would you give the user ability to log out?
admin tool has this thing, but I couldnt find it anywhere... ???
I agree. Here's the link:
subject: Log Out when using security-constraint
It's not a secret anymore!