3 Replies Latest reply on Apr 29, 2005 7:24 AM by jjmargon

How to logout a user?

tosenthu May 26, 2004 3:31 AM

Hai,
Can any body tell me what i have to do to logout a user. i now simply say session.invalidate(), but when i try another user who is not authorised he gets the access and this happend when i even delete the previously logged in user from the database. does i need to do some other thing to make my logout work correctly.

1. Re: How to logout a user?

juha May 26, 2004 8:45 AM (in response to tosenthu)

Are you using FORM or BASIC web authentication? Session.invalidate() only works with FORM login.

When deleting users from the database, you'll need to flush the authentication cache. Search the forum for details on that.
Actions
2. Re: How to logout a user?

anbenham May 28, 2004 10:17 AM (in response to tosenthu)

what do you mean with deleting users from the database?

Do I have to delete the proncipals from the subject?

If yes is it safe to get the subject using SecurityAssociation.getSubject()?
Actions
3. Re: How to logout a user?

jjmargon Apr 29, 2005 7:24 AM (in response to tosenthu)
Hi.
I have the same problem.
I'm trying to code a logout function for my web application.
That is, I have a FORM authentication and when I have a user validated, I want to code a logout function.
But if I try to make a Session.invalidate() after a user has been validated, it doesn't work, because if I execute the next code:
request.getSession().invalidate(); System.out.println("The user is authenticated after session.invalidate():"); System.out.println( request.getUserPrincipal()!=null?"YES":"NO");

the standard output show me "YES".
Also, I tried a flush of the cache instead a session.invalidate(), but I think this is not the solution for this issue.
Thanks in adavance for any kind of comment.
Actions

Go to original post