RE: Invalidating sessions and container auth.
Hi, I used the code below; the extra step may give the container a chance to really invalidate the session before redirecting to the loggedOut.jsp. Your action mapping looks the same(ish) as mine. HttpSession session = request.getSession (false); if (session != null) { session.invalidate(); } Jon. -Original Message- From: Torsten Terp [mailto:[EMAIL PROTECTED]] Sent: 22 June 2001 14:37 To: [EMAIL PROTECTED] Subject: RE: Invalidating sessions and container auth. Hi, I have the same problem (running Jetty as the servlet container) Did you solve buy doing like below: Unfurtunately this does not have any effect on my logout :-( All my logout action does is call session.invalidate(), is this how it works for you? Thanks... ^terp -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 2:37 PM To: [EMAIL PROTECTED] Subject: RE: Invalidating sessions and container auth. Hi All, Just to let you know in case anyone ever has a similar problem, I found a solution to the problem outlined below. Just had to add a redirect="true" to the local forward in the ActionMapping for my LogoutAction. I guess using a redirect forces the container auth mechanism to check things. Jon. -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 21 June 2001 15:27 To: [EMAIL PROTECTED] Subject: Invalidating sessions and container auth. Hi All, This isn't a struts specific question, but someone may have an answer... I'm using form based auth in my Struts based app and I need an option to log user out. Right now my LogoutAction perform method calls request.getSession (false).invalidate(). The problem is that the container (in this specific case Tomcat 3.2.1) doesn't recognize that the user has been logged out. As no attempt is made to re-auth them. Is there a standard Java way to log a user out and force a container to re-auth ? Jon.
RE: Invalidating sessions and container auth.
Hi All, Just to let you know in case anyone ever has a similar problem, I found a solution to the problem outlined below. Just had to add a redirect="true" to the local forward in the ActionMapping for my LogoutAction. I guess using a redirect forces the container auth mechanism to check things. Jon. -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 21 June 2001 15:27 To: [EMAIL PROTECTED] Subject: Invalidating sessions and container auth. Hi All, This isn't a struts specific question, but someone may have an answer... I'm using form based auth in my Struts based app and I need an option to log user out. Right now my LogoutAction perform method calls request.getSession (false).invalidate(). The problem is that the container (in this specific case Tomcat 3.2.1) doesn't recognize that the user has been logged out. As no attempt is made to re-auth them. Is there a standard Java way to log a user out and force a container to re-auth ? Jon.
Re: Invalidating sessions and container auth.
On Thu, 21 Jun 2001, Jon.Ridgway wrote: > Hi All, > > This isn't a struts specific question, but someone may have an answer... > > I'm using form based auth in my Struts based app and I need an option to log > user out. Right now my LogoutAction perform method calls request.getSession > (false).invalidate(). The problem is that the container (in this specific > case Tomcat 3.2.1) doesn't recognize that the user has been logged out. As > no attempt is made to re-auth them. Is there a standard Java way to log a > user out and force a container to re-auth ? > Make sure that you invalidate the session *before* the response has been committed. Otherwise, the cookie deletion (which is necessary to implement the session invalidation) is ignored, because the HTTP headers will have already been sent. > Jon. > Craig