Re: Session is not destroyed during Logout

Fri, 15 Dec 2000 09:14:35 -0800 

"David S. Faller" wrote:
> 
> Is there a specific reason, that the session is not destroyed during logout?

Please see the following from Turbine.java.  Something like this should
probably be added to LogoutUser.java to cover the case you describe. 
It's possible that simply invalidating the session and starting new one
(possibly followed by a redirect,) may work.  I tried to do this in
Turbine.java prior to a LoginUser action, but had problems as shown in
the comments.  Removing all session objects should work as well.  Please
test your solution and submit a patch.

                // If a User is logging in, we should refresh the
                // session here.  Invalidating session and starting a
                // new session would seem to be a good method, but I
                // (JDM) could not get this to work well (it always
                // required the user to login twice).  Maybe related
                // to JServ?  If we do not clear out the session, it
                // is possible a new User may accidently (if they
                // login incorrectly) continue on with information
                // associated with the previous User.  Currently the
                // only keys stored in the session are "turbine.user"
                // and "turbine.acl".
                String[] names = data.getSession().getValueNames();
                if (names != null)
                {
                    for (int i=0; i< names.length; i++)
                    {
                        data.getSession().removeValue(names[i]);
                    }
                }


> 
> My problem is, that I store user data in the session, but after logout these
> user data are available to the 'default' user.
> I've done a patch, that creates a new session. I could send this patch if
> wanted.
> 
> My question: In the LogoutUser class some keys (username) are stored in the
> session. Does it break anything if I create a new session before?
> 
> cya,
> David
> 
> -----
> public void mystery_of_life()
> {
>     do
>     {
>         System.breatheIn();
>         System.breatheOut();
>     }
>     while( !dead );
> }
> 
> ------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
> Problems?:           [EMAIL PROTECTED]


------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]

Reply via email to