7 Replies Latest reply on Oct 18, 2001 3:37 PM by pitdingo

    how do i log out from a servlet?

    pitdingo
    pitdingo Oct 15, 2001 2:06 PM

      how do i logout from a servlet?

      • 10230 Views
      • Tags:
        • 1. Re: how do i log out from a servlet?
          willievu
          willievu Oct 15, 2001 8:26 PM (in response to pitdingo)

          There is no logout per se provided by web container. You simply invalidate the HTTP session.

            • Actions
          • 2. Re: how do i log out from a servlet?
            pitdingo
            pitdingo Oct 17, 2001 9:04 AM (in response to pitdingo)

            The HttpSession has nothing to do with whether the user is authenticated or not; I can be logged into the system when the HttpSession is null.

            Anyone know how i can logout of the container when I am on a web page?

              • Actions
            • 3. Re: how do i log out from a servlet?
              willievu
              willievu Oct 17, 2001 10:34 PM (in response to pitdingo)

              If you invalidate HttpSession, web container kinda logout for you. If you access protected area again, the web container will ask you to login again.

                • Actions
              • 4. Re: how do i log out from a servlet?
                jwkaltz
                jwkaltz Oct 18, 2001 3:42 AM (in response to pitdingo)

                > The HttpSession has nothing to do with whether the
                > user is authenticated or not; I can be logged into
                > the system when the HttpSession is null.
                >
                > Anyone know how i can logout of the container when I
                > am on a web page?

                Do I understand you correctly: you mean you are "logged into" JBoss and want to log out in some servlet. But my understanding is you are never really "logged in" in JBoss. In fact, you are providing credentials in every call; if these credentials have already been verified then JBoss doesn't call the JAAS stuff again.
                So the question is, where are you keeping these credentials on the servlet side ? If it's in the http session then a call to session invalidate is actually enough.

                  • Actions
                • 5. Re: how do i log out from a servlet?
                  pitdingo
                  pitdingo Oct 18, 2001 8:56 AM (in response to pitdingo)


                  I guess i should have filled in some more information.

                  I have a web app. I login and submit to 'j_security_check'. My LoginModules execute and I am logged in. The user uses the app, (several web pages) and then wants to logout.

                  The login modules have no access to the HttpSession. If i invalidate the HttpSession, i can still access the secured pages. In fact, i do not even create a HttpSession in my app; it is stateless.



                    • Actions
                  • 6. Re: how do i log out from a servlet?
                    ikestrel
                    ikestrel Oct 18, 2001 12:32 PM (in response to pitdingo)

                    I just tried it when using Form based authentication, and after invalidating the session, I could no longer access the restricted pages.

                    My guess is you are using BASIC auth, correct? In which case the browser resends the user/password on each request--which means that even after invalidating the session, when you try to access the restricted page, the browser in effect logs you right back in again automatically. Could this be what's happening?

                      • Actions
                    • 7. Re: how do i log out from a servlet?
                      pitdingo
                      pitdingo Oct 18, 2001 3:37 PM (in response to pitdingo)

                      i just tried it again and it worked. i have been fighting with this JAAS stuff too long!!!!!!!! Thanks for your help.

                        • Actions