tags:

views:

26

answers:

1

Hello All:

I have 2 apps on 2 different servers - Tomcat (basically a .WAR file) and an EAR in jBoss.

EAR is a reusable app where I will authenticate the user and send back the control to the app on the Tomcat. While authenticating I am creating a session object on the jBoss app.

When I send back the control to the app on Tomcat I will ask the user if he wants to sign off the authenticating application. If the user pushes the "Yes" button I will have to log off that user from the authenticating app.

Questions

1) I read that Filter is the best way to invalidate the session. In my case since the authenticating app is intended to be used by more than 1 user how will the filter know which session it needs to invalidate?

2) Should I pass the session id created in the jBoss app to the Tomcat app so that when the user decides to sign off - I will need to pass back the same session id to the jBoss app for the Filter to invalidate?

A: 

You don't need a Filter. A simple Servlet will do:

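```java
import java.io.IOException;
import javax.servlet.http.*;

public class LogoutServlet extends HttpServlet {
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Invalidates the session that belongs to the user making this request
        request.getSession().invalidate();
    }
}
```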

Then map this servlet to /logout in web.xml, and whenever the user wants to log out, he should be sent to http://youhost/yourapp/logout.

If you want to log him out when he is already working with the tomcat server, you'd need to redirect back to the JBoss server to invalidate the session there.

Note that request.getSession() gets the current session - i.e. the one that belongs to the user making the request. Your servlet container (server) handles this for you.

Bozho
That's OK but how will I track which user the request has come from? Do I need to pass the session id (I know that it's not safe doing that way).
sv1
@sv1 - this is tracked by the server. The `request.getSession()` gives the current session.
Bozho
Thanks! I believe this should be good for any # of users across different application servers.
sv1
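
The redirect-based logout discussed in this thread, written out as an added example (not code from the original posts). It assumes the Tomcat app sends the browser to the JBoss app's `/logout` with a hypothetical `returnTo` parameter, that the session cookie uses the default name `JSESSIONID`, and that the `example.com` URLs are placeholders.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Deployed in the JBoss (authenticating) app and mapped to /logout.
public class CrossAppLogoutServlet extends HttpServlet {

    // Assumption: placeholder URL of the Tomcat app's post-logout page.
    private static final String DEFAULT_RETURN =
            "https://tomcat.example.com/app/loggedout";
    // The only targets a user may be redirected to after logout.
    private static final Set<String> ALLOWED_RETURN_URLS = Set.of(DEFAULT_RETURN);

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // The container resolves the session from the cookie the browser
        // sends to this server, so no session id has to travel in a URL.
        // getSession(false) avoids creating a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Ask the browser to drop the now-invalid session cookie as well.
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        String path = request.getContextPath();
        expired.setPath(path.isEmpty() ? "/" : path);
        expired.setHttpOnly(true);
        response.addCookie(expired);

        // Redirect only to an allow-listed target, so "returnTo" (hypothetical
        // parameter name) cannot be turned into an open redirect.
        // Set.of(...).contains(null) throws, hence the explicit null check.
        String returnTo = request.getParameter("returnTo");
        boolean allowed = returnTo != null && ALLOWED_RETURN_URLS.contains(returnTo);
        response.sendRedirect(allowed ? returnTo : DEFAULT_RETURN);
    }
}
```

Because the browser itself makes the request to the JBoss server, each user's own cookie selects the session to invalidate, which is why the Tomcat app never needs to see or forward the JBoss session id.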