This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Overview I am facing a problem, that involves :
I have 2 applications : app1 and app2.
From app1 I can log to app2 without authentication, but both app1 and app2 are running on different servers and mentain different sessions.
Requirement So my requirement is if I logout from one application I also get logged out from second application too.
Approach I am following What I am doing right now is :
when I access app2 from app1, I used to save the session object in a hashmap (key as username,value as session object) and put that in application scope.
So when I click the logout buttion on app1, I directly make the connection to the Logout servlet of app2 using HttpURLConnection and retrive that map from application scope and retrive that session object on the basis of username and calls session.invalidate() method.
But it is throwing exception : IllegalStateException : session object already invalidated.
So please give any suggestions, why it is happening.
Thanks in Advance
You are saving the session object of app1 in a HashMap in app2. whn you are logging out a you first trying to invalidate the session object that is in HashMap or the one in app1?
Joined: Sep 21, 2010
First of all, thanks for the reply.
I am accessing app2 from app1, that means I am saving the session of app2 in hashmap(in application context of app2 itself).
When I am logging out from app1 -- I want to logout from app2 as well, so I am creating the connection to logout servlet of app2 from app1 and tries to invalidate the session of app2 from hashmap in app2 itself.
This I think will solve your confusion.
I don't understand why you'd save the session in the application context (hopefully at least you're doing it in a rational, thread-safe way). But there's zero reason to do that--app1 should just keep the sessionid of app2, either in a cookie under something like HttpClient/etc. or as the original URL parameter received on login, and call app2's logout giving the same jsessionid or cookie back.
Joined: Sep 21, 2010
Thanks for the reply.
Can you please provide the code snippet for calling logout servlet of app2 from app1 and also passing the jsessionid of app2.
Currently in app1 I am calling the logout servlet of app2 by using the below mentioned code
In app2 I need to call the session.invalidate(), but how to obtain the session object in application app2?
Currently I am using this in app2:
ServletContext context = getServletContext();
Map userMap = (Map)context.getAttribute("userMap"); // taking the user session object from Map(stored in app2 context) in app2
HttpSession session1 = (HttpSession)userMap.get("username");
session1.invalidate(); // This is causing exception