Posted to users@tomcat.apache.org by John McPeek <sp...@bellsouth.net> on 2006/11/03 06:09:49 UTC
FORM based authentication LOGOUT
Hi,
I have written a JAAS LoginModule and use it with FORM based
authentication. Everything works fine, except I can't figure out how to
log a user out. I have tried to invalidate the session and get a new
one. No Dice. I did a search on the source and didn't find much. There
are articles on the net from around the time servlet 2.4 came out
talking about a logout() method. However, when I look in the servlet
javadocs there is nothing of the sort. Someone please tell me there is
an answer to this.
Thanks
John McPeek
Re: FORM based authentication LOGOUT
Posted by Christopher Schultz <ch...@christopherschultz.net>.
John,
> When I call request.getUserPrincipal(); I still get the Principal back
> and I can still call request.isUserInRole( "Foo" ); and get a valid
> response for the currently logged in user.
Are you checking those values during the same request in which you
killed the session? It's possible that the request needs to be recycled
(or a new session created) before getUserPrincipal and isUserInRole will
return different values. Just a thought?
-chris
>
> John
>
>>> From: John McPeek [mailto:spambomb@bellsouth.net] Subject: FORM based
>>> authentication LOGOUT
>>>
>>> I have tried to invalidate the session and get a new one.
>>> No Dice.
>>>
>>
>> When you say "No Dice", what actually happens?
>>
>> All the admin app for Tomcat does is the following, which seems to work:
>>
>> HttpSession session = request.getSession();
>> session.invalidate();
>> session = request.getSession(true);
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
Re: FORM based authentication LOGOUT
Posted by John McPeek <sp...@bellsouth.net>.
When I call request.getUserPrincipal(); I still get the Principal back
and I can still call request.isUserInRole( "Foo" ); and get a valid
response for the currently logged in user.
John
>>From: John McPeek [mailto:spambomb@bellsouth.net]
>>Subject: FORM based authentication LOGOUT
>>
>>I have tried to invalidate the session and get a new one.
>>No Dice.
>>
>>
>
>When you say "No Dice", what actually happens?
>
>All the admin app for Tomcat does is the following, which seems to work:
>
> HttpSession session = request.getSession();
> session.invalidate();
> session = request.getSession(true);
>
> - Chuck
RE: FORM based authentication LOGOUT
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: John McPeek [mailto:spambomb@bellsouth.net]
> Subject: FORM based authentication LOGOUT
>
> I have tried to invalidate the session and get a new one.
> No Dice.
When you say "No Dice", what actually happens?
All the admin app for Tomcat does is the following, which seems to work:
HttpSession session = request.getSession();
session.invalidate();
session = request.getSession(true);
- Chuck
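An added example, not code from any poster in this thread or from Tomcat itself: a logout servlet that combines the session invalidation shown above with the suggestion that the principal should be checked on a later request rather than the one that killed the session. The class name LogoutServlet, the /index.jsp redirect target and the cookie path handling are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet (name and mapping are assumptions), written against
// the Servlet 2.4 API that this thread is about.
// Note: Servlet 3.0 and later add HttpServletRequest.logout(), which also
// clears the principal on the current request; it did not exist in 2.4.
public class LogoutServlet extends HttpServlet {

    // Only doPost is implemented, so HttpServlet's default doGet rejects GET
    // and a plain link or image tag cannot trigger a logout.
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {

        // getSession(false): never create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // With FORM authentication the login state is tied to the session,
            // so invalidating it is what removes the login on the server side.
            session.invalidate();
        }

        // Ask the browser to discard the old session id as well.
        // Assumption: the container issued JSESSIONID with the context path
        // as the cookie path ("/" for the root context).
        String contextPath = request.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setPath(contextPath.length() == 0 ? "/" : contextPath);
        expired.setMaxAge(0);
        response.addCookie(expired);

        // Do not test getUserPrincipal() or isUserInRole() here: this request
        // object was authenticated before invalidate() ran and may still
        // report the old user. Redirect so the check happens on a new
        // request, which arrives without a valid session.
        // Assumption: /index.jsp is an unprotected landing page.
        response.sendRedirect(contextPath + "/index.jsp");
    }
}
```

To confirm the logout, request a protected URL after the redirect: the container should present the login form again instead of the page.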