• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Invalidating session in a jsp

 
jagan raja
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have got Login.jsp and Index.jsp in my application.

When I enter the URL for Index.jsp it redirects me to the Login page.

I have included the following lines in my Index.jsp



Once I login, I create a session in my LoginServlet.java.

Now I have got a Logout link in my Index.jsp which when clicked takes to the Login page.



How to invalidate the session once I click the Logout link?

Thanks in advance!

 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,
If you are only doing this in JSPs then you would have to call the session.invalidate();. Though you should think about using servlets as well so you don't have to do all your java coding in side the jsps as this quickly gets messy and unmanageable.

Sean
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64620
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, you should be doing authentication checking in a filter, not in the JSPs, not in the servlets. And using .isNew() is not the best of ideas. Places an authetication token in the session upon login and check for that.
 
jagan raja
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Clark / Bibeault ,

Thanks for your info. I shall try using Filter for authentication.

And Bibeault, can I know why I shouldnt be using isNew()?

And authentication token in the sense do I want to set a attribute in a session and check for that in my jsp?

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64620
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
jagan raja wrote:And Bibeault, can I know why I shouldnt be using isNew()?
Look it up in the javadoc and see f you can answer this question yourself.

And authentication token in the sense do I want to set a attribute in a session and check for that in my jsp?
Yes, except that you can put something much more meaningful than a string in the session. I use a construct that not only indicates that a user is logged in, but identifies the user (as well as other properties such as roles and permissions when appropriate).
 
jagan raja
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bibeault,


So using isNew() doesn't confirm if a client has joined the session.

Thanks for your information.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic