views:

40

answers:

1

Hi Stackoverflow,

I'm developing some J2EE applications that should have common login point. My apps are hosted on GlassFish v3 application server.

There is web.xml based security with FORM method (a HTML form with "j_security_check" action) and JDBC Realm on PostgreSQL 8.4 datasource. It worked absolutely fine while GlassFish SSO was disabled.

Now SSO is enabled on GF's HTTP Service page and it really works fine when I need to log in. Each my application lets a logged user in. But here is another problem.

My logout servlet now works properly only when I click "logout" twice. After first "logout" click I stay logged in. Servlet code is below.

public class LogoutServlet extends HttpServlet {

@Override
protected void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {

    //request.logout(); // tried this too
    request.getSession().invalidate(); // used to work properly
    response.sendRedirect("./"); // to welcome page
}

}

I would be pleased for some useful hints.

Thanks.

A: 

This page about Global Single Logout looks like it may be a good first hint. It implies that there is 'something more' than invalidating the session... but you know that at this point.

vkraemer