You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Yan Hu <ya...@yahoo.com> on 2005/04/25 01:41:24 UTC
A simple question about logging out
Hi:
I came across a couple of articles about logout on the Web. They all do something like
session.removeAttribute("user");
session.invalidate();
Can I just use session.invalidate()? Would "user" be destroyed automatically when the session is
invalidated?
Thanks. By the way, i would rather gawk at gals than listen to my own rants if any.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: A simple question about logging out
Posted by Craig McClanahan <cr...@gmail.com>.
On 4/24/05, Yan Hu <ya...@yahoo.com> wrote:
> Hi:
> I came across a couple of articles about logout on the Web. They all do something like
> session.removeAttribute("user");
> session.invalidate();
> Can I just use session.invalidate()? Would "user" be destroyed automatically when the session is
> invalidated?
Yes, you are technically accurate -- the "user" attribute will get
thrown away, and (if the user attempts to continue and starts a new
session) he or she will appear to not be logged in because the new
session will not have such a user object.
That being said, I personally encourage developers to explicity delete
anything they have put into the session, as a specific case of a
general principle that many of us teach our kids: "clean your bedroom
before you go play." :-). In this particular case, it is important
for developers to understand that registering things in session scope
has scalability and performance impacts -- and that, in nearly every
case, there should be a removeAttribute() statement that corresponds
to the setAttribute() statement that added it. Also, you should
strive to delete session scope objects as quickly as you no longer
need them.
Yes, the container will pick up your toys for you when the session
expires, but depending on this tempts you towards laziness (and, of
course, an exasperated parent :-).
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org