Home/ Questions/Q 3605868
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T21:10:38+00:00

Apparantely liferay does not log the currently logged in user if you try to

  • 0

Apparantely liferay does not log the currently logged in user if you try to login again, and in fact even keeps the currently logged in user logged in.
So I’m trying to force a logout.

I tried:

request.getSession().invalidate();

But that does not seem to work besides somehow breaking the login functionality.

I was wondering if anyone has any other idea how to force a logout.

Edit:

try {
            HttpSession session = request.getSession();

            EventsProcessorUtil.process(PropsKeys.LOGOUT_EVENTS_PRE,
                    PropsUtil.getArray(PropsKeys.LOGOUT_EVENTS_PRE), request, response);

            String domain = CookieKeys.getDomain(request);

            Cookie companyIdCookie = new Cookie(CookieKeys.COMPANY_ID,
                    StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                companyIdCookie.setDomain(domain);
            }

            companyIdCookie.setMaxAge(0);
            companyIdCookie.setPath(StringPool.SLASH);

            Cookie idCookie = new Cookie(CookieKeys.ID, StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                idCookie.setDomain(domain);
            }

            idCookie.setMaxAge(0);
            idCookie.setPath(StringPool.SLASH);

            Cookie passwordCookie = new Cookie(CookieKeys.PASSWORD,
                    StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                passwordCookie.setDomain(domain);
            }

            passwordCookie.setMaxAge(0);
            passwordCookie.setPath(StringPool.SLASH);

            CookieKeys.addCookie(request, response, companyIdCookie);
            CookieKeys.addCookie(request, response, idCookie);
            CookieKeys.addCookie(request, response, passwordCookie);

            try {
                session.invalidate();
            } catch (Exception e) {
            }

            EventsProcessorUtil.process(PropsKeys.LOGOUT_EVENTS_POST,
                    PropsUtil.getArray(PropsKeys.LOGOUT_EVENTS_POST), request, response);
        } catch (Exception e) {
            try {
                PortalUtil.sendError(e, request, response);
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            } catch (ServletException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }

Gives noclassdeffounderrors on cookiekeys/processorserviceutil/… depending on which I replace with a more base level. (like processorserviceutil with a processorserviceimpl and copy the function code from proeccesorserviceutil).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    1) session.invalidate() only works if authentication is managed by the application server session, which it is not 😉

    2) regardless of whether you use Community or Enterprise edition, you should have enough source code to achieve whatever you want

    3) portal-ext.properties supports login chains as well as pre- and post-login hooks

    4) Logout calls com.liferay.portal.action.LogoutAction which contains a bunch of logic but without spoiling the ending it should give you enough to shake the other Liferay authentication parts lose.

    Hope this helps.

    • 0