You make a good point Tim. In my case I knew our app was the only one to
run on the server. Still it would probably be better to remove an
application specific value to indicate a "logged out" session.
Nonetheless, the JSDK docs say the following for HttpSession.invalidate():
Causes this representation of the session to be invalidated and removed
from its context.
Throws: IllegalStateException if an attempt is made to access session data
after the session has been invalidated
That is not what appears to happen unless I'm reading too much into what
this says. Anyone from the JSDK team care to comment?
Regards,
Bob
On Tuesday, March 30, 1999 4:12 PM, Timothy J Witte
[SMTP:[EMAIL PROTECTED]] wrote:
> Just keep in mind that the session object is shared by all
> servlets running within the same service. So if you have a user
> that is accessing two or servlets in the same web service they
> only have one session object. This is a great way for sharing
> Persistent objects (e.g. a client profile, DB Connection, etc.)
> where that is desirable. You need to decide in your case whether
> you want to invalidate the session object or to do a
> removeValue() on a servlet-specific key value.
>
> Hope this helps.
>
> Tim
>
> Bob Withers wrote:
> >
> > At 03:13 PM 3/30/99 -0500, you wrote:
> > >Hi gang,
> > > I am writing a logout servlet. Basically when the user is done
with
> > >processing he/she needs to be logged out. Any pitfalls i should avoid?
Help
> > >is greatly appreciated..Thanks.
> > >
> > >Amar..
> > >
> >
> > I wrote one of these and there really ins't much to it. I just called
> > HttpSession.invalidate() and redirected to our login screen. One thing
I
> > did run into was that while invalidate() removed all the values
attached to
> > the session it didn't seem to remove the session. In other words,
after
> > calling invalidate() and receiving another GET/POST request from the
same
> > client HttpSevletRequest.getSession(false) returned a session rather
than
> > null. I experienced this under both servletrunner and Jserv. I had to
> > perform an additional check for a session value our login servlet adds
to
> > insure the session was considered "logged in".
> >
> > Regards,
> > Bob
> >
> >
___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
