On Thu, 25 Jul 2002, Graham Lounder wrote:
> Date: Thu, 25 Jul 2002 11:19:30 -0300
> From: Graham Lounder <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Remote User and Logoff
>
> In my logoff action, I'm invalidating my session. The problem is, the
> getRemoteUser still returns the username when I forward to my jsp page.
> Once I process another request, the remote user is set to null.
>
Invalidating a session doesn't change the fact that the existing user was
authenticated for the entire length of the current request.
In Servlet 2.4, a new logout() method is being discussed that would
formalize logout semantics.
> Is there any way in my LogoffAction servlet to set the remote user to null
> before forwarding to the jsp page?
>
There is not a way to do that. I would suggest having your page look for
some session attribute to check for this scenario, because you will have
invalidated the old session and created a new one, and the attribute won't
be there.
> Graham
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
