Thank you for the response.
Is there a particular place that data.getSession().invalidate() needs to be
in, say after authentication or before authentication?
thanks again,
Asha
Asha N wrote:
>
> Hello,
>
> We are using Turbine with Velocity, Javascript and Java and Tomcat 7 as
> our server. I have a use case where the session needs to be invalidated
> after a user logs in. The things that I tried are:
> * Tomcat7 by default has it turned on, but it does not work. We have
> another system with Spring instead. That generates a new jsessionid
> without any issues.
> * I tried the following code just before the user gets authenticated via:
> TurbineSecurity.getAuthenticatedUser(username, password);
> my code:
> HttpSession session = data.getRequest().getSession(false);
> if (session!=null && !session.isNew()) {
> session.invalidate();
> }
>
> data.getRequest().getSession(true);
>
> this does not work. I still get the same sessionid.
> I also tried:
>
> data.getSession().invalidate(), but that too does not seem to work.
>
> Any pointers or inputs are greatly appreciated.
>
> thanks in advance,
>
> Asha
>
>
--
View this message in context:
http://old.nabble.com/session.invalidate-not-working-tp34180666p34181042.html
Sent from the Turbine - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
