2 Replies Latest reply on Apr 1, 2002 7:43 PM by wchao

Logout with web container-managed security

wchao Mar 30, 2002 9:04 PM

I've looked around here and on the struts mailing list and have found some conflicting advice on how to log out a user when using container-managed security and form-based login. I'm running JBoss 3.0 beta with Tomcat 4.0.2. Some people have said session.invalidate() will log out the user, but this doesn't seem to work. I get the following error when I try it:

ApplicationDispatcher[/rmjobs] Servlet.service() for servlet jsp threw exception
java.lang.IllegalStateException: getAttribute: Session already invalidated

This leads me to believe that JBoss/Tomcat is not using the session to store the authentication information. Does anyone have a good way of logging the user out that is also portable to other app servers? I'd settle for something that works with JBoss/Tomcat right now, since I can't even get that to work at the moment.

1. Re: Logout with web container-managed security

luke_t Apr 1, 2002 4:35 PM (in response to wchao)

When does the exception get thrown? And where from - what's the stacktrace in the server log? Does it work with other versions of JBoss/Tomcat?
Actions
2. Re: Logout with web container-managed security

wchao Apr 1, 2002 7:43 PM (in response to wchao)

I figured it out. I was using struts. The struts html package makes use of the session object I think. Since I didn't really need to use struts on that page, I removed it and that solved the problem. I was able to invalidate the session, and that logged out the user.
Actions

Go to original post