2 Replies Latest reply on Apr 1, 2002 7:43 PM by Wellie Chao

    Logout with web container-managed security

    Wellie Chao Newbie

      I've looked around here and on the struts mailing list and have found some conflicting advice on how to log out a user when using container-managed security and form-based login. I'm running JBoss 3.0 beta with Tomcat 4.0.2. Some people have said session.invalidate() will log out the user, but this doesn't seem to work. I get the following error when I try it:

      ApplicationDispatcher[/rmjobs] Servlet.service() for servlet jsp threw exception
      java.lang.IllegalStateException: getAttribute: Session already invalidated

      This leads me to believe that JBoss/Tomcat is not using the session to store the authentication information. Does anyone have a good way of logging the user out that is also portable to other app servers? I'd settle for something that works with JBoss/Tomcat right now, since I can't even get that to work at the moment.