I start with my customary caution that user-written login systems are not recommended for security reasons.
Regardless of whether you use the J2EE standard security login or you roll your own (with all the risks and expenses that that entails), the way to logout is the same. Invalidate the session.
However. In JSF, a session is not the same thing as being logged in. JSF uses sessions to a much greater degree than most J2EE platforms do. So it's very common that you log out, invalidating a session, and JSF immediately creates a whole new session. That is not only normal, it is necessary. However, this new session should differ from the session that it just replaced, because none of the session objects (attributes) from the pre-logout session should be present in the new session. Any attributes that do exist in the new session should have been created when the new session was created.
So, if you are logged in, you have a session, but just because you have a session doesn't mean that you're logged in.
An IDE is no substitute for an Intelligent Developer.
Rahul Raj cochin
Joined: Mar 29, 2012
Thank you for the information..
But can you tell me why logout function is not working?
When I click 'logout' option, it should invalidate session and redirect to login page.