-
1. Re: Logout with web container-managed security
dannz89 Apr 2, 2002 11:42 AM (in response to wchao)I have a similar problem (although that's not what you wanted to hear right?)
I am using JBoss 2.4.4/Tomcat4.0.1. I have deployed a WAR file (e.g. mywar.war) which is a standard webapp using JSP/FORM based logon.
It logs in and starts an applet.
As soon as the applet tries to call on the servlet, the servlet says it has an invalid session.
Under Apache/Tomcat, it works fine.
The servlet is using the following code to test the validity of the session:
if (! req.isRequestedSessionIdValid() || req.getRemoteUser() == null || req.getSession(false) == null)
{
//return session status
...
}
Any feedback would be welcome. :-) -
2. Re: Logout with web container-managed security
wchao Apr 2, 2002 1:04 PM (in response to wchao)I actually figured mine out. I am using struts and tiles. It turned out that I was inadvertently referencing the session object because struts and/or tiles were using the session. In order to fix the problem, I ended up creating a request-scope attribute named doSessionInvalidate and then at the very end of the processing I check if it is true. If so, I invoke session.invalidate(). Hope this helps.
-
3. Re: Logout with web container-managed security
dannz89 Apr 4, 2002 3:00 AM (in response to wchao)Unfortunately not. I have handling to check the validity of the session and this seems to work. I get past the login page then as soon as my Applet tries to call my Servlet, the session has expired/invalidated.