File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes strange experience with trying to invalidate a session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "strange experience with trying to invalidate a session" Watch "strange experience with trying to invalidate a session" New topic
Author

strange experience with trying to invalidate a session

Amit Batra
Ranch Hand

Joined: Mar 04, 2006
Posts: 361
I have a JSP that collects a username and pass and sends to a Loginservlet and changes its look depending on if its a sigin in or log out. below is the code.




the servlet adds a 'loggedIn' variable and a user object variable onto the session. below is the code:
.


When the user clicks the logout , the logout servlet deletes the attributes and invalidates the session. code below


the oddity is that the servlet didint remove the user object attribute from the session but it did the loggedIn string when I logged out.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60789
    
  65

Before you do anything else, remove this logic from a JSP and put it into a servlet or filter where it belongs.

And the following:

<%! User user=null;%>

is a huge problem. This makes your JSP non-thread-safe as every concurrent request made to your JSP will share the same user variable.

Avoid these pitfalls by only using JSPs for the purpose they are intended for: renderrring the display. Perform all processing and decision making outside of JSPs.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Amit Batra
Ranch Hand

Joined: Mar 04, 2006
Posts: 361
I think you're absolutely right Bear. The code ran fine the first couple of time I tried it, but it bombed soon enough and got me back to square one. Thanks alot for the tip.
 
Consider Paul's rocket mass heater.
 
subject: strange experience with trying to invalidate a session
 
Similar Threads
Setting session to true and then invalidating
Very funny behavior of sessions...
problem in logout procedure
how to control redirect of j_servlet_check
Exact Front Controller In Realtime