When the user clicks a logout link, it’s easy to clear the current database’s sessionScope map:
// Remove every key from the sessionScope map of the current database (NSF)
var iterator = sessionScope.keySet().iterator();
while (iterator.hasNext()) {
    sessionScope.remove(iterator.next());
}
But this clears the sessionScope variables only for the current NSF, not for all NSFs on the server. So if someone then logs in as a different user and navigates to other NSFs that were accessed earlier in that browser session, the browser session still picks up the sessionScope variables of the previously logged-on user.
If the application spans multiple NSFs, how do you clear the browser’s session from all NSFs on the server?
UPDATE
After discussions, I got hold of the session from facesContext.getExternalContext().getRequest().getSession(false) and then called the invalidate() method on it. That didn’t work: it still has the same session ID and the scoped variables are retained. I think Declan’s idea of the cookie is the cause. I believe that is used by the Notes Client quite heavily too.
There is a session cookie called ‘sessionID’ on the browser side.
What happens if you invalidate/clear that cookie during the logout process?