• Post Reply Bookmark Topic Watch Topic
  • New Topic

Log out when using form based authentication  RSS feed

 
Calina Cazangiu
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
How do I log out and then log in again when I use a form to authenticate the user? I cannot call the login form directly, and the only time this form is called is when the session has timed out, but not when I do session.invalidate().
Thanks,
Calina
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The code used to explicitly log a user out depends on the server you use. In WebSphere it is (something like) new SSOAuthenticator().logout(request, response). I believe the function is missing in Tomcat, and I forget what it is in WebLogic.
Some also offer a second method by having the user post a request to j_logout_servlet (or somethhing like that) in the same way that form based authentication uses j_login_servlet to log the user in.
When the container provides a programatic method to log a user out, they usually provide a similar way to programatically log them in.
You'd have to give me more info if you want something more specific than that.
Dave
 
R K Singh
Ranch Hand
Posts: 5390
1
Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Calina Cazangiu:
Hi,
How do I log out and then log in again when I use a form to authenticate the user? I cannot call the login form directly, and the only time this form is called is when the session has timed out, but not when I do session.invalidate().
Thanks,
Calina

I think it should use again Form Authentication (even if you are using servlets2.2 form authentication) when you invalidate session.
Which server are you using ??
I think ur session checking is not proper.
You must be using req.getSession(true) and then not checking properly the userid.
 
Calina Cazangiu
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, guys!
I use Tomcat. I'll try the method that David suggested.
Calina
 
Calina Cazangiu
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ravish,
I don't follow you. Are you saying that after I do session.invalidate() I need to do request.getSession(true) and go to the entry page and this will take me to the login page? I don't see how this would work.
thanks,
Calina
 
R K Singh
Ranch Hand
Posts: 5390
1
Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Calina Cazangiu:
Ravish,
thanks,
Calina

I am saying that use session.getSession(false).
It will return session object only if already session is created.
If you say session.getSession(true) it will create session if session already does not exist.
So it is always good to use session.getSession(false) once you have created session.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!