wood burning stoves 2.0*
The moose likes Servlets and the fly likes strange experience with trying to invalidate a session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "strange experience with trying to invalidate a session" Watch "strange experience with trying to invalidate a session" New topic
Author

strange experience with trying to invalidate a session

Amit Batra
Ranch Hand

Joined: Mar 04, 2006
Posts: 361
I have a JSP that collects a username and pass and sends to a Loginservlet and changes its look depending on if its a sigin in or log out. below is the code.




the servlet adds a 'loggedIn' variable and a user object variable onto the session. below is the code:
.


When the user clicks the logout , the logout servlet deletes the attributes and invalidates the session. code below


the oddity is that the servlet didint remove the user object attribute from the session but it did the loggedIn string when I logged out.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

Before you do anything else, remove this logic from a JSP and put it into a servlet or filter where it belongs.

And the following:

<%! User user=null;%>

is a huge problem. This makes your JSP non-thread-safe as every concurrent request made to your JSP will share the same user variable.

Avoid these pitfalls by only using JSPs for the purpose they are intended for: renderrring the display. Perform all processing and decision making outside of JSPs.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Amit Batra
Ranch Hand

Joined: Mar 04, 2006
Posts: 361
I think you're absolutely right Bear. The code ran fine the first couple of time I tried it, but it bombed soon enough and got me back to square one. Thanks alot for the tip.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: strange experience with trying to invalidate a session