• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

strange experience with trying to invalidate a session

 
Amit Batra
Ranch Hand
Posts: 361
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a JSP that collects a username and pass and sends to a Loginservlet and changes its look depending on if its a sigin in or log out. below is the code.




the servlet adds a 'loggedIn' variable and a user object variable onto the session. below is the code:
.


When the user clicks the logout , the logout servlet deletes the attributes and invalidates the session. code below


the oddity is that the servlet didint remove the user object attribute from the session but it did the loggedIn string when I logged out.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65120
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Before you do anything else, remove this logic from a JSP and put it into a servlet or filter where it belongs.

And the following:

<%! User user=null;%>

is a huge problem. This makes your JSP non-thread-safe as every concurrent request made to your JSP will share the same user variable.

Avoid these pitfalls by only using JSPs for the purpose they are intended for: renderrring the display. Perform all processing and decision making outside of JSPs.
 
Amit Batra
Ranch Hand
Posts: 361
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you're absolutely right Bear. The code ran fine the first couple of time I tried it, but it bombed soon enough and got me back to square one. Thanks alot for the tip.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic