It appears as if you are invalidating the session for authentication
reasons... is that correct?
It might make sense to simply track the user's state within the current
session. If they are authenticated, assign them a role, set a duration
for the Tomcat session (for timeout purposes), etc.
If they log out... you could certainly invalidate their session, or you
could simply reduce their authentication level (remove the role(s)), etc.
...
Are you invalidating the session to improve the frequency at which
session resources are reclaimed?
On 7/18/2012 2:59 PM, Tony Oslund wrote:
data.getRequest().getSession().invalidate();
On 7/18/2012 2:32 PM, Asha N wrote:
It seems to work once after I rebuild and restart Tomcat. Any subsequent
tries, it does not work. I am not sure why. I used
data.getSession().invalidate(). I also noticed that the session id has
already changed by the time it got to that place. I am really
confused as to what to do at this point. Is there any other approach
I can take?
thanks,
Asha
Asha N wrote:
Hello,
We are using Turbine with Velocity, Javascript and Java and Tomcat 7 as
our server. I have a use case where the session needs to be invalidated
after a user logs in. The things that I tried are:
* Tomcat 7 by default has it turned on, but it does not work. We have
another system with Spring instead. That generates a new jsessionid
without any issues.
* I tried the following code just before the user gets authenticated
via:
    TurbineSecurity.getAuthenticatedUser(username, password);
my code:
    HttpSession session = data.getRequest().getSession(false);
    if (session != null && !session.isNew()) {
        session.invalidate();
    }
    data.getRequest().getSession(true);
This does not work. I still get the same sessionid.
I also tried:
data.getSession().invalidate(), but that too does not seem to work.
Any pointers or inputs are greatly appreciated.
thanks in advance,
Asha
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
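
Added example, not part of the original thread or of Turbine's own code: one way to issue a fresh session ID once login has succeeded, using only the Servlet 3.0 API that Tomcat 7 provides. The class name `SessionRotation` and its `rotate` method are hypothetical; in the setup described above it would be called as `SessionRotation.rotate(data.getRequest())` after `TurbineSecurity.getAuthenticatedUser(username, password)` returns.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not part of Turbine): replace the pre-login session at login. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Call after authentication succeeds and before the response is committed;
     * once it is committed the container can no longer send the new session cookie.
     */
    public static HttpSession rotate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        String oldId = null;
        Map<String, Object> carried = new HashMap<String, Object>();

        if (old != null) {
            oldId = old.getId();
            // Copy attributes first: they cannot be read after invalidate().
            for (String name : Collections.list(old.getAttributeNames())) {
                carried.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }

        HttpSession fresh = request.getSession(true);
        if (fresh.getId().equals(oldId)) {
            // Fail closed: the pre-login ID must not become the authenticated one.
            throw new IllegalStateException("session ID was not regenerated at login");
        }
        // Restore application state into the new session.
        for (Map.Entry<String, Object> entry : carried.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```

Keep and use the returned `HttpSession`; a reference to the old session obtained earlier in the request is invalid after this call.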