| Author |
strange experience with trying to invalidate a session
|
Amit Batra
Ranch Hand
Joined: Mar 04, 2006
Posts: 361
|
|
I have a JSP that collects a username and pass and sends to a Loginservlet and changes its look depending on if its a sigin in or log out. below is the code.
the servlet adds a 'loggedIn' variable and a user object variable onto the session. below is the code:
.
When the user clicks the logout , the logout servlet deletes the attributes and invalidates the session. code below
the oddity is that the servlet didint remove the user object attribute from the session but it did the loggedIn string when I logged out.
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56529
|
|
Before you do anything else, remove this logic from a JSP and put it into a servlet or filter where it belongs.
And the following:
<%! User user=null;%>
is a huge problem. This makes your JSP non-thread-safe as every concurrent request made to your JSP will share the same user variable.
Avoid these pitfalls by only using JSPs for the purpose they are intended for: renderrring the display. Perform all processing and decision making outside of JSPs.
|
[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
|
|
Amit Batra
Ranch Hand
Joined: Mar 04, 2006
Posts: 361
|
|
|
I think you're absolutely right Bear. The code ran fine the first couple of time I tried it, but it bombed soon enough and got me back to square one. Thanks alot for the tip.
|
|
 |
|
|
subject: strange experience with trying to invalidate a session
|
|
|
0
