Hi to all.
I've read in the forum that when any web application has FORM based security,
the way you can implement logout is by calling session.invalidate().
I don't have problems when I request a resource under security protection. The
form is shown to me and I validate correctly.
The issue is that in my application I have a logout function to remove the
userPrincipal stored in the request.
The implementation of this logout function is session.invalidate(). But, after
invalidating the session, the userPrincipal is still in the request.
For example, I can see it with this code:
    request.getSession().invalidate();
    System.out.println("The user is in the request after logging out: ");
    System.out.println(request.getUserPrincipal() != null ? "SI" : "NO");
And I can see in the console the answer "YES".
Can anybody help me, please?
Thanks a lot in advance
P.S.: I'm using JBoss 4.0.1
P.S.: If I use the logout function two consecutive times, then the
userPrincipal does not exist. That is, to effectively log out the user, I have
to click twice on the logout link of the web application. Of course, this is
not desired behaviour. But why does session.invalidate() work the second time
and not work the first time I call it?
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3875898#3875898
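
A logout handler that does not depend on the principal of the current request, added here as an example and not code from the original post or from JBoss. It assumes the container keeps the authenticated principal on the request object until that request ends, which the post does not confirm; the class name LogoutServlet and the landing page /index.jsp are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet written against the Servlet 2.4 API.
// Only POST is handled, so a plain link or image tag cannot log the user out.
public class LogoutServlet extends HttpServlet {

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): never create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Assumption: request.getUserPrincipal() may still be non-null here,
        // because it describes how THIS request was authenticated. It is not
        // used to decide whether the logout succeeded.

        // Expire the session cookie in the browser as well.
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        String contextPath = request.getContextPath();
        expired.setPath(contextPath.length() == 0 ? "/" : contextPath);
        response.addCookie(expired);

        // Keep protected pages from being replayed from the browser cache.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // End this request. The browser's next request carries no valid
        // session, so the container treats it as unauthenticated.
        response.sendRedirect(contextPath + "/index.jsp");
    }
}
```

Whether the logout took effect is checked on the request that follows the redirect, where getUserPrincipal() is evaluated against the new, sessionless request.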