Hi there -
Thanks for the responses and sorry to get back to this - I haven't made any
progress and have had other problems (challenges?) to fix first!
I have a link to a logout servlet with the doGet() method below.
Using eclipse debugging shows that the session "isValid=false" on invalidate
correctly.
However clicking "back" on the browser creates a new session (with
"isValid=true")in my session handling function called from every page (except
logout):
public static HttpSession setSessionData (HttpServletRequest request)
{
HttpSession session = request.getSession(true);
if (session.getAttribute("viewmode") ==null) session.setAttribute("viewmode",
"B");
...
}
So it doesn't seem that invalidate() is destroying the authentication - only
clearing a session which can be recreated.
Should I check if the session is invalid and forward to my logout page if so,
or is there a way of invalidating the login info?
Can anyone shed some photons on this.
TC :5.0.19, Solaris 9, Mysql 4.something - JDBC Realm, SSL + filter giving
Cache-Control - private,no-cache,no-store
Chris Chappell
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
session.invalidate();
out.println(GeneralUI.htmlHeader());
out.println("<table width=100%><tr height=200 valign=center><td
align=center>Goodbye - you are now logged out</td></tr></table>");
out.println(GeneralUI.htmlFooter());
return;
}
On Tuesday 23 November 2004 17:09, Chris Chappell wrote:
> Hi there
Hi,
> Can anyone give me a pointer how to logout a JDBC Realm authenticated user
> without closing the browser. E.g. I need a log out button which forwards to
> a goodbye page and does something like this (fictitious)
> "userSession.expire();" I've had a trawl thriough the docs etc and nothing
> springs to obvious use. Using SSL though don't think this would change
> anything re this.
Just include this: <% session.invalidate(); %> it works on both 8080 (normal)
and 8443 (ssl) connections.
> (TC 5.0.19 on Sol9 + MySQL 4)
