• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sign Out Function

 
Luke Shannon
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an application that requires you to log-in. Authentication is done using Tomcat JDBC Security Realm.

My question is how can I create a function that allows someone to logout, meaning their session is killed and if they want to hit the login screen wishing to login under a new profile they will have that chance and not be immediately authenticated.

Thanks,

Luke
 
Keith Pitty
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use a servlet for the purpose of logging out and in that servlet invalidate the session. For example:


[ September 27, 2005: Message edited by: Keith Pitty ]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
'Removing authentication details' is different depending on the container you are using, but Keith's code will work in Tomcat.
 
Wally Hartshorn
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've just started tackling this exact same problem and came across this thread. I've created the servlet as suggested, but after logging out, when I try to log in again, I get this error message in my browser:



Here's Logout.java:


Any suggestions on what I'm doing wrong?
[ September 30, 2005: Message edited by: Wally Hartshorn ]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just to be sure: I'm assuming the different Logout form mapping and code sample package doesn't have anything to do with it?
 
Wally Hartshorn
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by David O'Meara:
Just to be sure: I'm assuming the different Logout form mapping and code sample package doesn't have anything to do with it?


Nah, that was just a mistake in my cutting/pasting and editing of the message.

After posting my message, I wondered whether the fact that my login page was named "login.html" (rather than "login.jsp") would have something to do with it. So I tried renaming the file to "login.jsp" (even though it doesn't currently have any JSP code in it) and made the corresponding changes to the web.xml and Logout.java code. Then when I logged out, I got this message:


HTTP Status 400 - Invalid direct reference to form login page


Okay, so apparently trying to go directly to login.jsp is a no-no. So I changed my Logout.java code to forward to the main page of the web app, on the assumption that it would instead redirect to display the login page. Instead, it displayed the main page, but would not display an image that was on the page. Apparently, since the Logout servlet said to display the page, that was allowed, but none of the stuff requested by that page would be allowed until the user logged in.

Hmm... Still stuck! Any ideas?
 
Wally Hartshorn
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think I just solved my problem.

In my Logout.java class, I changed this:


to this:


For whatever reason, that seems to have done the trick! I got the idea from this snippet in Tomcat's "webapps\jsp-examples\security\protected\index.jsp" code:


Here's the final Logout.java class:


(If anyone sees any "gotchas" to this method, please let me know!)

Thanks for your time!
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, you're quite right. The original problem is a bit convoluted and I'm not sure I understand it myself (interaction between Struts, Post and the RequestDispatcher) but good job for solving it and thanks for the update.
 
Srinivasa Kadiyala
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have used this code for one of my applications and notced that after I log-out, when I click the browser back button, the previous page when I logged-on is appreaing.
It should not if I log out and killing the session.

Pl help.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please start a new thread and provide a link refering to this thread. The original problem has been solved and people are less likely to join the conversation and help you out.

thanks,
Dave
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic