How to logout the session in java

Question

public class LogoutController1 extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {


        HttpSession session = request.getSession(false);

        if(session!=null){

            session.invalidate();
            session=null;
        }
        request.getRequestDispatcher("Login.jsp").forward(request,response);
    }
}

My website is allowing multiple logins at the same time with similar and different accounts as well.I tried session validation for every login,but it is not working.Please help me to solve this issue regarding my website.
This is code is already given in this website.I tried with the same code but it is not working.What is the problem please give me the solution.

what attribute are you setting? I dont see any attribute against which you are performing authentication? — Anant Laxmikant Bobde, Apr 18 '16 at 06:06

score 0 · Answer 1 · edited Apr 26 '16 at 03:15

You need to set an attribute for authentication.

Login.java

public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;
    public Login() {
        super();
    }
    Connection conn = null;
    String next="login.jsp";
    String uname,pwd;

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        uname=request.getParameter("username");
        pwd=request.getParameter("password");
        HttpSession session = request.getSession(true);
        try
        {
            Class.forName("com.mysql.jdbc.Driver");
            conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/intranet","root","root");
            Statement stmt=conn.createStatement();
            ResultSet rs=stmt.executeQuery("select * from login where username='"+uname+"' and password='"+pwd+"' ");
            if(rs != null){
                Member mem = new Member();
                if(rs.next()) 
                {
                    mem.setId(rs.getLong("id"));
                    mem.setFirstName(rs.getString("username"));
                    mem.setEmail(rs.getString("email"));
                    session.setAttribute("user", mem);
                    next = "index.jsp";
                }
                else
                {
                    next = "login.jsp";
                }
            }
        }
        catch(Exception ex)
        {
                System.out.println(ex);
        }
        finally
        {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
            response.sendRedirect(next);
        }
    }
}

Logout.java

public class Logout extends HttpServlet {
    public Logout() {
        super();
    }
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        if(session.getAttribute("user") != null){
            session.removeAttribute("user");
            response.sendRedirect("login.jsp");
        }
    }

how i have to use next.Whether i have to create local variable or not? — Manjunath, Apr 19 '16 at 05:42
@Manjunath Yeah, you have to create a local variable for next. I have edited the answer. — Prathna, Apr 20 '16 at 06:26

score 0 · Answer 2 · answered Apr 18 '16 at 07:43

Your code shows only logic of Logout controller. Make sure there is some logic for Logincontroller which checks whether there is a session running and if so, invalidate the current session. This can be done by saving some attirbute/flag in log out controller and retrieving it in login controller(validate the flag/attribute) and proceed accordingly.

How to logout the session in java

2 Answers2