A pretty simple requirement. After logging into a web J2EE 6 application, how can I have the user log out again?
Most (all?) of the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc. using the “j_security_check” method – all good. But then it’s not clear how to give the user the power to log out. Indeed, how can I force a logout after, say, the session times out, etc?
You should have a logout servlet/jsp which invalidates the session using the following ways:

- session.invalidate() method which invalidates the session also.
- HttpServletRequest.logout() which invalidates only the security context and the session still exists.

And, the Application UI should be providing a link which invokes that logout servlet/jsp.

Question: Indeed, how can I force a logout after, say, the session times out, etc?

Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.
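
A logout servlet combining both calls from the answer above, as an added example that is not part of the original answer. The class name, the /logout URL pattern and the /index.jsp landing page are assumptions; it targets the Servlet 3.0 API that ships with Java EE 6.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical mapping: the UI's logout link or form points at <context>/logout.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logoutAndRedirect(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logoutAndRedirect(request, response);
    }

    private void logoutAndRedirect(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Clears the container-managed security context (the authenticated principal).
        // On its own this leaves the HttpSession and its attributes in place.
        request.logout();

        // getSession(false) returns null instead of creating a fresh session
        // when the old one has already expired via <session-timeout>.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Discards the session and everything stored in it.
            session.invalidate();
        }

        // Assumed landing page; a redirect starts the next request with no session.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```

Calling both methods leaves neither the authenticated principal nor any session attributes behind after logout.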