3 Replies Latest reply on Apr 29, 2005 7:24 AM by jjmargon

    How to logout a user?

    Senthil Kumar M Rangaswamy Newbie

      Can any body tell me what i have to do to logout a user. i now simply say session.invalidate(), but when i try another user who is not authorised he gets the access and this happend when i even delete the previously logged in user from the database. does i need to do some other thing to make my logout work correctly.

        • 1. Re: How to logout a user?

          Are you using FORM or BASIC web authentication? Session.invalidate() only works with FORM login.

          When deleting users from the database, you'll need to flush the authentication cache. Search the forum for details on that.

          • 2. Re: How to logout a user?
            anis Newbie

            what do you mean with deleting users from the database?

            Do I have to delete the proncipals from the subject?

            If yes is it safe to get the subject using SecurityAssociation.getSubject()?

            • 3. Re: How to logout a user?

              I have the same problem.
              I'm trying to code a logout function for my web application.
              That is, I have a FORM authentication and when I have a user validated, I want to code a logout function.
              But if I try to make a Session.invalidate() after a user has been validated, it doesn't work, because if I execute the next code:

              System.out.println("The user is authenticated after session.invalidate():");
              System.out.println( request.getUserPrincipal()!=null?"YES":"NO");

              the standard output show me "YES".
              Also, I tried a flush of the cache instead a session.invalidate(), but I think this is not the solution for this issue.
              Thanks in adavance for any kind of comment.