Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
749 views
in Technique[技术] by (71.8m points)

security - How to properly logout of a Java EE 6 Web Application after logging in

A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again?

Most (all?) the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc using the "j_security_check" method - all good. But then it's not clear how to give the user the power to logout. Indeed, how can I force a logout after, say, the session times out, etc?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You should have logout servlet/jsp which invalidates the session using the following ways:

  • Before Servlet 3.0, using session.invalidate() method which invalidates the session also.
  • Servlet 3.0 provides a API method HttpServletRequest.logout() which invalidates only the security context and the session still exists.

And, the Application UI should be providing a link which invokes that logout servlet/jsp

Question: Indeed, how can I force a logout after, say, the session times out, etc?

Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...