Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Logging out from muliple applications

 
Abhishek Bharg
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Overview
I am facing a problem, that involves :
I have 2 applications : app1 and app2.
From app1 I can log to app2 without authentication, but both app1 and app2 are running on different servers and mentain different sessions.
Requirement
So my requirement is if I logout from one application I also get logged out from second application too.
Approach I am following
What I am doing right now is :
when I access app2 from app1, I used to save the session object in a hashmap (key as username,value as session object) and put that in application scope.
So when I click the logout buttion on app1, I directly make the connection to the Logout servlet of app2 using HttpURLConnection and retrive that map from application scope and retrive that session object on the basis of username and calls session.invalidate() method.
But it is throwing exception : IllegalStateException : session object already invalidated.

So please give any suggestions, why it is happening.
Thanks in Advance
Abhishek
 
Harpreet Singh janda
Ranch Hand
Posts: 317
Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are saving the session object of app1 in a HashMap in app2. whn you are logging out a you first trying to invalidate the session object that is in HashMap or the one in app1?
 
Abhishek Bharg
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First of all, thanks for the reply.
I am accessing app2 from app1, that means I am saving the session of app2 in hashmap(in application context of app2 itself).
When I am logging out from app1 -- I want to logout from app2 as well, so I am creating the connection to logout servlet of app2 from app1 and tries to invalidate the session of app2 from hashmap in app2 itself.
This I think will solve your confusion.

Regards,
Abhishek
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't understand why you'd save the session in the application context (hopefully at least you're doing it in a rational, thread-safe way). But there's zero reason to do that--app1 should just keep the sessionid of app2, either in a cookie under something like HttpClient/etc. or as the original URL parameter received on login, and call app2's logout giving the same jsessionid or cookie back.
 
Abhishek Bharg
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply.
Can you please provide the code snippet for calling logout servlet of app2 from app1 and also passing the jsessionid of app2.

Currently in app1 I am calling the logout servlet of app2 by using the below mentioned code

HttpURLConnection connection = (HttpURLConnection)new URL("http://localhost:81/CMP/logout").openConnection();
connection.setRequestMethod("GET");
connection.connect();

In app2 I need to call the session.invalidate(), but how to obtain the session object in application app2?
Currently I am using this in app2:

ServletContext context = getServletContext();
Map userMap = (Map)context.getAttribute("userMap"); // taking the user session object from Map(stored in app2 context) in app2
HttpSession session1 = (HttpSession)userMap.get("username");
session1.invalidate(); // This is causing exception

Regards,
Abhishek

 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I already told you how: when you log in, either get the jsessionid parameter, or store the cookie.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic