
Session is not invalidated

 
Timothy Sam
Ranch Hand
Posts: 751
Hi guys! I have the following code...




Now, this logoff servlet is called from another application. Basically, app1 has its own session and so does app2.

When a user clicks logoff in app1, app1 makes a call to app2's logoff servlet. However, it seems that only app1's session is destroyed and not app2's. It should be both. What could be the problem here? Thanks!
 
Ben Souther
Sheriff
Posts: 13411
Sessions are not cross context.
You will need to explicitly invalidate the session in each context.
 
Timothy Sam
Ranch Hand
Posts: 751
Yes, that is why I made a redirect from app1 to app2's logoff servlet. Let's say app1 has its own servlet to invalidate its session, and app2 also has one. What happens is this:

app1's logoff button is clicked
app1's logoff servlet executes and invalidates its session
app1's logoff servlet redirects to app2's logoff servlet
app2's logoff servlet executes and redirects to some other page/site


or is this totally impossible? app2 BTW is in an iFrame. Thanks!
 
Subhadip Chatterjee
Ranch Hand
Posts: 93
Hi,
Please correct me if I am wrong. When you are clicking on LogOff from App1, it's passing the request to App2. Now, the Servlet class that you have texted here is the one used by App2. Alright... Now, in the servlet you are creating a Session from the request, which is coming from App1. Hence, it will create a session of App1's. Session.invalidate() clears off everything from App1's session.
I don't think you can pass the request from App1 to App2 to close the Session of App2, 'cause App1's session doesn't necessarily maintain App2's session, unless it's kind of single sign-on or a common Header space for both the Apps.
Let's see it with an example. Let's say App1 is a portal, where you log in. That creates a session in App1. From App1, you have got a link to go to App2, which is taking some user info from the App1 header and starts its own session. Now, if you log off from App2, that doesn't mean you are invalidating the session of App1 also.
I hope you are clear with what point I am trying to drive straight home.
 
Timothy Sam
Ranch Hand
Posts: 751
Subhadip Chatterjee

Thanks! You actually got it clear and I get your point. Hmmm... What could be a possible workaround? I'm thinking of just passing everything from request to request instead of session but it seems very insecure. App2 had to be a separate one since App1 is an app from our client and they happen to be just outsourcing App2 to us.
 
Subhadip Chatterjee
Ranch Hand
Posts: 93
Hi Sam,
It's good to hear that you understood my example. I am also gonna work on this to find a solution for you, as well. But passing request (RequestDispatcher) only works in individual Servlet Contexts, it's not a cross-context stuff. So, we both have to do a little thinking over that. If you come up with something, post that for folks' sake, 'cause that will be really helpful.
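
Added example, not code from the thread or from any poster: a logoff servlet that lives inside app2 and ends only the session that the incoming request identifies for app2's own context, which is what "invalidate the session in each context" amounts to. The class name, the `javax.servlet` API generation, the `/loggedOut.html` landing page and the default `JSESSIONID` cookie name are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logoff servlet deployed in app2's own web application.
public class App2LogoffServlet extends HttpServlet {

    // Assumed landing page after logoff; not taken from the thread.
    private static final String AFTER_LOGOFF = "/loggedOut.html";

    // doGet because the flow in the thread reaches app2 through a redirect.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false) returns the session bound to THIS context, or null.
        // getSession() / getSession(true) would create a fresh, empty session
        // when the request carries no valid app2 session id; invalidating
        // that new session leaves the user's real app2 session alive.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        } else {
            // Record that nothing was invalidated, without logging the id itself.
            log("app2 logoff: no session resolved; id presented="
                    + (req.getRequestedSessionId() != null)
                    + ", id valid=" + req.isRequestedSessionIdValid());
        }

        // Expire the session cookie scoped to app2's context path
        // (JSESSIONID and the path scope are container defaults, assumed here).
        Cookie expired = new Cookie("JSESSIONID", "");
        String path = req.getContextPath();
        expired.setPath(path.isEmpty() ? "/" : path);
        expired.setMaxAge(0);
        resp.addCookie(expired);

        // Keep the logoff response out of browser and proxy caches.
        resp.setHeader("Cache-Control", "no-store");
        resp.sendRedirect(req.getContextPath() + AFTER_LOGOFF);
    }
}
```

The request has to come from the user's browser, for example by following app1's redirect, so that it carries app2's session cookie; a call made by app1's server on its own does not include that cookie.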
 