File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Sign Out Function Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Sign Out Function" Watch "Sign Out Function" New topic
Author

Sign Out Function

Luke Shannon
Ranch Hand

Joined: Sep 30, 2004
Posts: 239
I have an application that requires you to log-in. Authentication is done using Tomcat JDBC Security Realm.

My question is how can I create a function that allows someone to logout, meaning their session is killed and if they want to hit the login screen wishing to login under a new profile they will have that chance and not be immediately authenticated.

Thanks,

Luke


Luke
SCJP
Keith Pitty
Ranch Hand

Joined: Sep 22, 2005
Posts: 32
Use a servlet for the purpose of logging out and in that servlet invalidate the session. For example:


[ September 27, 2005: Message edited by: Keith Pitty ]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

'Removing authentication details' is different depending on the container you are using, but Keith's code will work in Tomcat.
Wally Hartshorn
Ranch Hand

Joined: Jan 30, 2003
Posts: 77
I've just started tackling this exact same problem and came across this thread. I've created the servlet as suggested, but after logging out, when I try to log in again, I get this error message in my browser:



Here's Logout.java:


Any suggestions on what I'm doing wrong?
[ September 30, 2005: Message edited by: Wally Hartshorn ]

Wally Hartshorn
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Just to be sure: I'm assuming the different Logout form mapping and code sample package doesn't have anything to do with it?
Wally Hartshorn
Ranch Hand

Joined: Jan 30, 2003
Posts: 77
Originally posted by David O'Meara:
Just to be sure: I'm assuming the different Logout form mapping and code sample package doesn't have anything to do with it?


Nah, that was just a mistake in my cutting/pasting and editing of the message.

After posting my message, I wondered whether the fact that my login page was named "login.html" (rather than "login.jsp") would have something to do with it. So I tried renaming the file to "login.jsp" (even though it doesn't currently have any JSP code in it) and made the corresponding changes to the web.xml and Logout.java code. Then when I logged out, I got this message:


HTTP Status 400 - Invalid direct reference to form login page


Okay, so apparently trying to go directly to login.jsp is a no-no. So I changed my Logout.java code to forward to the main page of the web app, on the assumption that it would instead redirect to display the login page. Instead, it displayed the main page, but would not display an image that was on the page. Apparently, since the Logout servlet said to display the page, that was allowed, but none of the stuff requested by that page would be allowed until the user logged in.

Hmm... Still stuck! Any ideas?
Wally Hartshorn
Ranch Hand

Joined: Jan 30, 2003
Posts: 77
I think I just solved my problem.

In my Logout.java class, I changed this:


to this:


For whatever reason, that seems to have done the trick! I got the idea from this snippet in Tomcat's "webapps\jsp-examples\security\protected\index.jsp" code:


Here's the final Logout.java class:


(If anyone sees any "gotchas" to this method, please let me know!)

Thanks for your time!
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

OK, you're quite right. The original problem is a bit convoluted and I'm not sure I understand it myself (interaction between Struts, Post and the RequestDispatcher) but good job for solving it and thanks for the update.
Srinivasa Kadiyala
Ranch Hand

Joined: Jun 10, 2004
Posts: 237
I have used this code for one of my applications and notced that after I log-out, when I click the browser back button, the previous page when I logged-on is appreaing.
It should not if I log out and killing the session.

Pl help.


Srini
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Please start a new thread and provide a link refering to this thread. The original problem has been solved and people are less likely to join the conversation and help you out.

thanks,
Dave
 
 
subject: Sign Out Function