This content has been marked as final.
Show 3 replies
-
1. Re: How to logout a user?
juha May 26, 2004 8:45 AM (in response to tosenthu)Are you using FORM or BASIC web authentication? Session.invalidate() only works with FORM login.
When deleting users from the database, you'll need to flush the authentication cache. Search the forum for details on that. -
2. Re: How to logout a user?
anbenham May 28, 2004 10:17 AM (in response to tosenthu)what do you mean with deleting users from the database?
Do I have to delete the proncipals from the subject?
If yes is it safe to get the subject using SecurityAssociation.getSubject()? -
3. Re: How to logout a user?
jjmargon Apr 29, 2005 7:24 AM (in response to tosenthu)Hi.
I have the same problem.
I'm trying to code a logout function for my web application.
That is, I have a FORM authentication and when I have a user validated, I want to code a logout function.
But if I try to make a Session.invalidate() after a user has been validated, it doesn't work, because if I execute the next code:request.getSession().invalidate(); System.out.println("The user is authenticated after session.invalidate():"); System.out.println( request.getUserPrincipal()!=null?"YES":"NO");
the standard output show me "YES".
Also, I tried a flush of the cache instead a session.invalidate(), but I think this is not the solution for this issue.
Thanks in adavance for any kind of comment.