0 Replies Latest reply on Dec 12, 2007 8:27 AM by Marimuthu B

    Manage the HttpSession

    Marimuthu B Newbie

      Hi,

      We have AuthenticationFilter for our application. Each request from any portal page of our application is going through AuthenticationFilter.
      We are getting forbidden error for the following scenario
      Open new browser login to application using user name called “X�. Login is success and user is directed to user home page. Close the browser
      Open new browser login to application using user name called “Y�. Here we getting
      Forbidden error instead of redirecting to user home page

      We are managing the HttpSession as follows for each scenario.

      User Login:
      =============
      // To get the session
      HttpSession session = request.getSession();
      // To set any value
      request.getSession().getServletContext().getContext("/portal")
      .setAttribute(key,value);
      // Forward to user home page
      RequestDispatcher rd = request.getSession().getServletContext() .getContext("/portal").getRequestDispatcher(
      resUrl.toString());

      rd.forward(request, response);

      Subsequent request after login :
      ========================
      HttpSession session = req.getSession();


      User logout:
      ============
      // to remove any value
      req.getSession().getServletContext().getContext("/portal")
      .removeAttribute(key)
      // to invalidate the session
      req.getSession().invalidate();


      Please help us to resolve the issue

      Regards
      Marimuthu