This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Logging out from muliple applications Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Logging out from muliple applications" Watch "Logging out from muliple applications" New topic
Author

Logging out from muliple applications

Abhishek Bharg
Greenhorn

Joined: Sep 21, 2010
Posts: 3
Hi All,
Overview
I am facing a problem, that involves :
I have 2 applications : app1 and app2.
From app1 I can log to app2 without authentication, but both app1 and app2 are running on different servers and mentain different sessions.
Requirement
So my requirement is if I logout from one application I also get logged out from second application too.
Approach I am following
What I am doing right now is :
when I access app2 from app1, I used to save the session object in a hashmap (key as username,value as session object) and put that in application scope.
So when I click the logout buttion on app1, I directly make the connection to the Logout servlet of app2 using HttpURLConnection and retrive that map from application scope and retrive that session object on the basis of username and calls session.invalidate() method.
But it is throwing exception : IllegalStateException : session object already invalidated.

So please give any suggestions, why it is happening.
Thanks in Advance
Abhishek
Harpreet Singh janda
Ranch Hand

Joined: Jan 14, 2010
Posts: 317

You are saving the session object of app1 in a HashMap in app2. whn you are logging out a you first trying to invalidate the session object that is in HashMap or the one in app1?
Abhishek Bharg
Greenhorn

Joined: Sep 21, 2010
Posts: 3
First of all, thanks for the reply.
I am accessing app2 from app1, that means I am saving the session of app2 in hashmap(in application context of app2 itself).
When I am logging out from app1 -- I want to logout from app2 as well, so I am creating the connection to logout servlet of app2 from app1 and tries to invalidate the session of app2 from hashmap in app2 itself.
This I think will solve your confusion.

Regards,
Abhishek
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I don't understand why you'd save the session in the application context (hopefully at least you're doing it in a rational, thread-safe way). But there's zero reason to do that--app1 should just keep the sessionid of app2, either in a cookie under something like HttpClient/etc. or as the original URL parameter received on login, and call app2's logout giving the same jsessionid or cookie back.
Abhishek Bharg
Greenhorn

Joined: Sep 21, 2010
Posts: 3
Thanks for the reply.
Can you please provide the code snippet for calling logout servlet of app2 from app1 and also passing the jsessionid of app2.

Currently in app1 I am calling the logout servlet of app2 by using the below mentioned code

HttpURLConnection connection = (HttpURLConnection)new URL("http://localhost:81/CMP/logout").openConnection();
connection.setRequestMethod("GET");
connection.connect();

In app2 I need to call the session.invalidate(), but how to obtain the session object in application app2?
Currently I am using this in app2:

ServletContext context = getServletContext();
Map userMap = (Map)context.getAttribute("userMap"); // taking the user session object from Map(stored in app2 context) in app2
HttpSession session1 = (HttpSession)userMap.get("username");
session1.invalidate(); // This is causing exception

Regards,
Abhishek

David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I already told you how: when you log in, either get the jsessionid parameter, or store the cookie.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Logging out from muliple applications
 
Similar Threads
Pass username and password via browser in Formbased Authentication
How to replicate sessions between two web applications on the same tomcat?
inconistent session time-out,cookie name change is not a option
Session problem!
Session expires while accessing applications parallelly