dev@glassfish.java.net

Re: Web-application logout

From: Skanda Prasad <skanda.prasad.ganapathy_at_ericsson.com>
Date: Wed, 21 Oct 2009 21:25:52 -0700 (PDT)

Hi,

I'm currently facing the same problem of session not being
invalidated(notified to the browser) on server/domain restart... Is there
any solution for this issue???

Further i was unable to open the following link :

https://glassfish.dev.java.net/issues/show_bug.cgi?id=834

Regards,
Skanda


jluehe wrote:
>
> Hi Dmitry,
>
> Dmitry Mozheyko wrote On 08/03/06 04:05,:
>
>>Hello all.
>>I try to code logout servlet but request.getSession().invalidate() not
works: browser "remember" old entered principal.
>>I read some blogs and insert this code before session-invalidating:
>>
>> response.setHeader("Cache-Control","no-cache,post-check=0,pre-check=0,no-store,private");
>> response.setDateHeader("Expires", new Date().getTime() - 1);
>> response.setHeader("Pragma","no-cache");
>>but the result has not changed.
>>
>>
>
> the just promoted b11 contains a fix for a somewhat related issue:
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=834
> ("Sessions not invalidated on Redeploy")
>
> However, this issue has not applied to the case where a session is being
> explicitly invalidated (by calling session.invalidate()), which is what
> you are
> doing: In this case, all interested session listeners (including SSO)
> have always
> been notified of the session being destroyed.
>
> Also notice that even though a session has been invalidated, its
> JSESSIONID will still be returned to the client in a response cookie
> (this is because the response cookie is added at the time the session
> is created), but a subsequent client request carrying this cookie will
> not be able to resume the session, since the session was purged from
> SSO and the webapp's session manager. We're working on an optimization
> that will delay the addition of the response cookie to the time the
> response is committed, and add the cookie only if the session is still
> valid.
>
>
> Jan
>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>
>
> 

-- 
View this message in context: http://www.nabble.com/Web-application-logout-tp5630487p26003881.html
Sent from the java.net - glassfish dev mailing list archive at Nabble.com.
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.