3 Replies Latest reply on Nov 30, 2005 7:54 PM by julien1

SessionInvalidatorInterceptor.signOut();

schnelzer Nov 30, 2005 11:13 AM

I saw the new method for logging out in SessionInvalidatorInterceptor

public static void signOut()
 {
 localSignOut.set(Boolean.TRUE);
 }

Could I add a servlet to the portal-server.war that does nothing but call the SessionInvalidatorInterceptor.signOut()? I'll point a logout button in the theme to this servlet in the portal-server.war. Does that sound reasonable?

1. Re: SessionInvalidatorInterceptor.signOut();

julien1 Nov 30, 2005 11:43 AM (in response to schnelzer)

you need to traverse the interceptor in order to have the signout action be taken in account as the signout is done when the method call goes back in the interceptor chain. (that's why there is a localSignOut, set when the interceptors is traversed)

maybe it's possible to extract code to make this happen without that but now I don't have time to look at it :-(
Actions
2. Re: SessionInvalidatorInterceptor.signOut();

bsmithjj Nov 30, 2005 3:25 PM (in response to schnelzer)

This is to logout someone from the portal?

What happened to session.invalidate()?

seems like session.invalidate() (for container-managed authentication) is the simplest way to go.
Actions
3. Re: SessionInvalidatorInterceptor.signOut();

julien1 Nov 30, 2005 7:54 PM (in response to schnelzer)

session invalidate does not invalidate properly a user.

resp.signOut() invalidate all the session that a user has used.
Actions

Go to original post