Thanks Nic,
I found something. This is the section that is failing. When the servlet
executes this, it sends the message "Invalidating session" to the server
console. But next time I run the servlet the session is still there and no
new session is created. Of course, I don't want this.
...
if (action.equals("logout")) {
session.invalidate();
System.out.println("Invalidating session ... ");
String url = "/logout.jsp";
RequestDispatcher dispatcher =
servletContext.getRequestDispatcher(url);
dispatcher.forward(request, response);
}
...
I tried the following, leaving out RequestDispatcher, and everything works
fine. That means, the session is really invalidated and the next time I use
the servlet a new session is created.
...
if (action.equals("logout")) {
session.invalidate();
System.out.println("Invalidating session ... ");
}
...
So, I don't know why these lines are causing the problem. Any hint?
String url = "/logout.jsp";
RequestDispatcher dispatcher =
servletContext.getRequestDispatcher(url);
dispatcher.forward(request, response);
Thanks,
Benjamin
-----Original Message-----
From: Nic Ferrier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 29, 2001 6:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Invalidate or finish session
>>> "Nevarez, Benjamin" <[EMAIL PROTECTED]> 30-May-01
12:50:23 AM
>But if, for any reason, the user logout and then login
>again using the same browser session, it looks like the
>servlet is not creating a new session, but using the old
>one.
>What I am doing wrong?
Hmm... what you describe shouldn't happen (I guess you knew that
/8-). I'm not really clear on what you're saying though.
The server and browser communicate about the session in one of
several ways, are you using the most common form which is cookies?
If so I think your server might be at fault if things are happening
as you say. But check your understanding of what's going on because
server error these days is unusual.
Briefly this is how the server deals with session invalidation using
cookies:
- if the session has been invalidated during the request and no
further session created during the request the server just sends a
timeout for the session cookie
- if the session has been invalidated during the request and a new
session has been created during the same request then the server sends
a timeout on the invalidated session's cookie and a new cookie for the
new session. These are sent in a specific order otherwise some
browsers don't get the new cookie.
If you go through what's happening and still can't work it out you
should post a more detailed explanation of what you think is happening
before we'll be able to help you with any confidence.
Nic Ferrier
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
