6 Replies Latest reply on Nov 22, 2011 9:45 AM by jfclere

New session id is not getting generated after logout in Jboss.

srinu_ammina Nov 15, 2011 1:58 AM

We are using jboss-4.0.3SP1 application server and deployed our web application developed using java technology. Here issue we are facing is

same session id being shared by same/different users on successive login and logouts in a same browser window.

Means I log in to the system with one user and I navigated in the application and I logged out. After that If I login with the same/different user in the same browser window we are getting the same sessionid instead different session id, since user successfully logged out and relogin to the application.

We are using the below code to invalidate the session

1. session.invalidate();

After in validating the session if we print the value of the session by using the below line of code it is showing the old session id.

2. System.out.println("LOGOUT - Session Is invalidated.." + session.getId());

We used the next lines as

3. session = request.getSession(true);

4. System.out.println("LOGOUT - New Session Is after invalidated.." + request.getSession().getId());

We have used point 3 to get a new session but if we print the session id from that session it is showing the old session only.

Note: If we close the browser and reopen a new window and proceed then only new session is creating.

Could you please help us in resolving this issue.

1. Re: New session id is not getting generated after logout in Jboss.

jfclere Nov 16, 2011 9:26 PM (in response to srinu_ammina)

Well you create a new session using the old sessionid - I guess you have Path=/ in your cookie.
Actions
2. Re: New session id is not getting generated after logout in Jboss.

srinu_ammina Nov 17, 2011 1:17 AM (in response to jfclere)

Hi Thank you for the response, Yes I checked and it is true in the path it is showing as /
Somebody suggested that we need to change the emptySessionPath="false" [In our case it is true in server.xml file] and now new session is generating on successful login for each different user. After this change we are able to see the path as /<context-root>

Could you please let us know will this fix be ok?

Thanks for your support.
Actions
3. Re: New session id is not getting generated after logout in Jboss.

srinu_ammina Nov 22, 2011 2:33 AM (in response to srinu_ammina)

Hi could you please let us know about this fix is correct?

Thanks
Srinivasa Rao Ammina
Actions
4. Re: New session id is not getting generated after logout in Jboss.

jfclere Nov 22, 2011 3:25 AM (in response to srinu_ammina)

emptySessionPath="true" is only needed in case you are using portlets or share session id betweeen webapps.
Actions
5. Re: New session id is not getting generated after logout in Jboss.

srinu_ammina Nov 22, 2011 5:32 AM (in response to jfclere)

But if we want to share the session id between different web applications and need to have a new session generation
after every successful login what we need to do? With the above settings made, we cannot share the session between different
applications right? Could you please let us know how to handle this scenarios?
Actions
6. Re: New session id is not getting generated after logout in Jboss.

jfclere Nov 22, 2011 9:45 AM (in response to srinu_ammina)

hm look for sso doc then.
Actions

Go to original post