GeeCON Prague 2014*
The moose likes JSP and the fly likes Invalidating session in a jsp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » JSP
Bookmark "Invalidating session in a jsp" Watch "Invalidating session in a jsp" New topic
Author

Invalidating session in a jsp

jagan raja
Ranch Hand

Joined: Jan 29, 2010
Posts: 54
Hi All,

I have got Login.jsp and Index.jsp in my application.

When I enter the URL for Index.jsp it redirects me to the Login page.

I have included the following lines in my Index.jsp



Once I login, I create a session in my LoginServlet.java.

Now I have got a Logout link in my Index.jsp which when clicked takes to the Login page.



How to invalidate the session once I click the Logout link?

Thanks in advance!

Sean Clark
Rancher

Joined: Jul 15, 2009
Posts: 377

Hey,
If you are only doing this in JSPs then you would have to call the session.invalidate();. Though you should think about using servlets as well so you don't have to do all your java coding in side the jsps as this quickly gets messy and unmanageable.

Sean


I love this place!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61310
    
  66

Actually, you should be doing authentication checking in a filter, not in the JSPs, not in the servlets. And using .isNew() is not the best of ideas. Places an authetication token in the session upon login and check for that.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
jagan raja
Ranch Hand

Joined: Jan 29, 2010
Posts: 54
Hi Clark / Bibeault ,

Thanks for your info. I shall try using Filter for authentication.

And Bibeault, can I know why I shouldnt be using isNew()?

And authentication token in the sense do I want to set a attribute in a session and check for that in my jsp?

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61310
    
  66

jagan raja wrote:And Bibeault, can I know why I shouldnt be using isNew()?
Look it up in the javadoc and see f you can answer this question yourself.

And authentication token in the sense do I want to set a attribute in a session and check for that in my jsp?
Yes, except that you can put something much more meaningful than a string in the session. I use a construct that not only indicates that a user is logged in, but identifies the user (as well as other properties such as roles and permissions when appropriate).
jagan raja
Ranch Hand

Joined: Jan 29, 2010
Posts: 54
Hi Bibeault,


So using isNew() doesn't confirm if a client has joined the session.

Thanks for your information.

 
GeeCON Prague 2014
 
subject: Invalidating session in a jsp