List: turbine-user
Subject: Re: session.invalidate not working
From: Tony Oslund <tonyo () prepare-enrich ! com>
Date: 2012-07-18 20:30:45
Message-ID: 50071CF5.9040509 () prepare-enrich ! com
I looked through some of my code and came across the following...
// invalidate the old session
data.getRequest().getSession().invalidate();
// use the sessionid from a newly created session
sessionId = data.getSession().getId();
In another instance I am also using a slightly different variation
try {
    if (data.getResponse().isCommitted() == false) {
        data.getResponse().sendRedirect(destination);
    }
    // invalidate this session since we are not
    // going to use it anyways
    data.getRequest().getSession().invalidate();
    return false;
} catch (IOException ex) {}
I have not had problems with either of these.
However, I am currently running Tomcat 6.0...
Thinking years back... one thing I did run into with this had to do with
my setup in tomcat....
Within conf/server.xml (on my dev server) I use
<Context path="/webapp" docBase="webapp" crossContext="true">
Within WEB-INF/web.xml I use
<servlet>
    <servlet-name>
        webapp
    </servlet-name>
    <servlet-class>
        org.apache.turbine.Turbine
    </servlet-class>
    ...
</servlet>
<servlet-mapping>
    <servlet-name>
        webapp
    </servlet-name>
    <url-pattern>
        /something/*
    </url-pattern>
</servlet-mapping>
On 7/18/2012 12:58 PM, Asha N wrote:
> Hello,
>
> We are using Turbine with Velocity, Javascript and Java and Tomcat 7 as our
> server. I have a use case where the session needs to be invalidated after a
> user logs in. The things that I tried are:
> * Tomcat7 by default has it turned on, but it does not work. We have another
> system with Spring instead. That generates a new jsessionid without any
> issues.
> * I tried the following code just before the user gets authenticated via:
> TurbineSecurity.getAuthenticatedUser(username, password);
> my code:
> HttpSession session = data.getRequest().getSession(false);
> if (session != null && !session.isNew()) {
> session.invalidate();
> }
>
> data.getRequest().getSession(true);
>
> this does not work. I still get the same sessionid.
> I also tried:
>
> data.getSession().invalidate(), but that too does not seem to work.
>
> Any pointers or inputs are greatly appreciated.
>
> thanks in advance,
>
> Asha
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
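
Added example, not part of either message and not Turbine code: a helper that rotates the session ID at login and fails closed when the container hands back the same ID, which is the symptom reported in this thread. The class name SessionRotator is hypothetical; it assumes the Servlet 3.0 API (Tomcat 7) on the classpath and would be called with data.getRequest() and data.getResponse().

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not part of Turbine): rotate the session ID at login. */
public final class SessionRotator {

    private SessionRotator() {}

    /**
     * Call right after credentials are verified and before anything is written
     * to the response. Returns the new session, whose ID differs from the old one.
     */
    public static HttpSession rotate(HttpServletRequest request,
                                     HttpServletResponse response) {
        // A committed response cannot carry the new Set-Cookie header, so the
        // browser would keep presenting the old (possibly attacker-chosen) ID.
        if (response.isCommitted()) {
            throw new IllegalStateException("response committed; cannot rotate session");
        }

        HttpSession old = request.getSession(false);
        String oldId = null;
        Map<String, Object> carried = new HashMap<String, Object>();
        if (old != null) {
            oldId = old.getId();
            // Copy attributes first: invalidate() unbinds them.
            // Assumes Servlet 3.0, where getAttributeNames() is Enumeration<String>.
            for (String name : Collections.list(old.getAttributeNames())) {
                carried.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }

        HttpSession fresh = request.getSession(true);
        // Fail closed if the container returned the same ID instead of
        // authenticating the user on a session ID that was never regenerated.
        if (fresh.getId().equals(oldId)) {
            fresh.invalidate();
            throw new IllegalStateException("session ID was not regenerated");
        }
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```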