3

I have a web project with Tomcat, Java, JSP, and servlets. If I log out on my web project frontend, I want to destroy all sessions. But the following code doesn't work. I expect that all sessions are destroyed and that if I log out, I have to authenticate in the next step with my user and password as normal. Thank you for your help.

```java
if (lstrAction != null && lstrAction.equals(ApplicationConstants.LOGOUT)) {
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
        session = request.getSession(false);
    }
}
```

I have debugged my project, and I found that the session is not null after the last line.

java
  • 1
    Does the session also still contain all variables which were stored in it? – Uooo Jun 20 '13 at 11:38
  • Check this link: http://stackoverflow.com/questions/3960711/how-can-i-expire-all-my-sessions-in-tomcat –  Jun 20 '13 at 11:38
  • `session.getId()`? The essential thing is that in the next request there is no session. – Joop Eggen Jun 20 '13 at 11:45
  • As @w4rumy said, are there also parameter values in the session? Because when you instantiate the session object in the last line, it may create an empty session. – Hussain Akhtar Wahid 'Ghouri' Jun 20 '13 at 11:48
  • I guess `session = request.getSession(false);` gives you a session, but an invalid one. – Uooo Jun 20 '13 at 11:53
  • 1
    Why are you calling `session.get(false)` twice? Remove the second call and set your `session` variable to `null`. – user207421 Jun 20 '13 at 12:01
  • @EJP: Why set the session explicitly to null? After calling session.invalidate(), the session object with key session.getIdInternal() is removed from the Map of sessions, according to the Tomcat implementation. – Vaibhav Raj Jun 20 '13 at 12:31

2 Answers

0
```java
session.invalidate();
session = request.getSession(false);
```

Here, after invalidating the session, you are reassigning the session. At this point it will not be null. You need to do a null check to find out whether the session is null or not.

Niju
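
A logout handler along the lines discussed in this thread, as an added example that is not code from the question or from either answer. It assumes Servlet 3.0 (`javax.servlet`), the container's default session cookie name `JSESSIONID`, a session cookie scoped to the context path, and the hypothetical names `LogoutServlet`, `/logout` and `login.jsp`.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; the mapping "/logout" and the page "login.jsp" are assumed names.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) never creates a session; null means nothing to destroy.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Invalidates the session and unbinds every object stored in it.
            session.invalidate();
        }
        // From here on, do not call getSession() or getSession(true) in this
        // request: either call would create a brand-new, empty session.

        // Tell the browser to discard the old session cookie as well.
        // Assumption: the cookie uses the default name and the context path.
        Cookie expired = new Cookie("JSESSIONID", "");
        String contextPath = request.getContextPath();
        expired.setPath(contextPath.isEmpty() ? "/" : contextPath);
        expired.setMaxAge(0);                   // 0 = delete the cookie
        expired.setHttpOnly(true);
        expired.setSecure(request.isSecure());
        response.addCookie(expired);

        // Keep browsers and proxies from storing this response.
        response.setHeader("Cache-Control", "no-store");

        // If login.jsp does not declare <%@ page session="false" %>, the JSP
        // creates a new session when rendered; it has a different ID and no
        // attributes from the invalidated one.
        response.sendRedirect(contextPath + "/login.jsp");
    }
}
```

Protected pages should check for the attribute that marks an authenticated user rather than for the mere existence of a session, since a fresh, empty session can appear on the first request after logout.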
-1

Try this code. It will surely work for you.

```java
Cookie c[] = request.getCookies();
if (c == null) {
    response.sendRedirect("index.jsp");
} else {
    session.removeAttribute(c[0].getValue());
    response.sendRedirect("index.jsp");
}
```