3 Replies Latest reply on Oct 11, 2006 2:07 PM by jmcollin92

Help with Logout

arvindsj Sep 22, 2006 2:23 AM

I have a struts application on JBOSS in whcih I have a logout button which points to "logout.do".

In the logout Action, I invalidate the session.

In my struts-config.xml i have this configuration for logout action:

<action
 path="/logout"
 type="com.myapp.actions.LogoutAction">
 <forward name="success" path="/home.html"/>
</action>

The reason I have the forward to "home.html" is because I want the user to come back to home once he logs back in.
I was hoping that JAAS security would kick in and show the login page after the user clicks on "logout" button.
But this does not happen. When the user clicks on "logout", the session is invalidated and the home.html page is shown to the user. Only when the user tries something on this page, he gets the login page.

Is there something wrong I am doing?

Please advise.

Thanks

1. Re: Help with Logout

jmcollin92 Sep 23, 2006 3:48 PM (in response to arvindsj)

I have exactly the same problem, but I'm not it has something to do with JBoss.
Actions
2. Re: Help with Logout

ivpotter Oct 10, 2006 8:53 AM (in response to arvindsj)

This is correct behaviour - the user has not requested the home page so declarative security will not kick in and they will be forwarded wherever your web app dictates, whether logged in or not. As soon as they try to access anything they ARE requesting a secured resource and declarative security DOES kick in.

HTH

Ivor
Actions
3. Re: Help with Logout

jmcollin92 Oct 11, 2006 2:07 PM (in response to arvindsj)

So the solution is to have a logout result page with a link to go back to the main page on user action and not to forward directly on the main page.
Actions

Go to original post