> I am trying to get a Login Servlet to work (like the one on p230 & 231
> of Jason Hunters book) The redirection works fine but after I log in I
> stay logged in. What can I do to end the session or Log Out?
>
> Thanks,
>
> Tom K.
>
Hi Tom,
All a servlet needs to do to end a session is to call the invalidate method
of the session
object. This means that the next call of req.getSession(true) will produce a
new session object.
The tricky bit is in knowing when to do this programmatically though. As web
servers are
stateless there is no concept of being logged in for a fixed session. The
reason is that
a client can simply surf off somewhere else just like that.
You are really up against it if you want to force someone to log out because
there is no
way to actually enforce it.
Your only hope of doing what you want is to track all links that you have
which point to sites
external to your own and invalidating sessions when those links are used.
This will have
the side effect of killing off sessions established in all windows of a
browser which were opened
when someone wants to surf out of your site via a link but keep the session
going in another window.
I don't wish to sound negative but I don't think you will be able to make
web server logouts work
with servlets (or in fact simple html with user authentification either)
unless you have users who
will 'obey' the rules about leaving your site.
Andy Bailey
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
