Reputation: 415
request.getSession(false).invalidate not work after logout
I have a webproject with tomcat, java, jsp, servlets. If i logout on my webproject frontend, i want to destroy all sessions. But the following code doesn' work. I expect that all session are destroyed and that if i logout, i have to authentificate in next step with my user and passwort as normal. Thank you for your help.
if(lstrAction!=null && lstrAction.equals(ApplicationConstants.LOGOUT)){
HttpSession session = request.getSession(false);
if(session != null){
session.invalidate();
session = request.getSession(false);
}
}
I have debug my project, and i found tha the session is not null after the last line.
Upvotes: 3
Views: 3590
Answers (3)
Reputation: 1
This might help
if(request.getSession(false) != null){
request.getSession(false).invalidate();
request.getSession();
}
false - to get the existing session, If no session found it returns null; after invalidation you have to create a new session. So false is not required while creating a new session after invalidation.
Upvotes: 0
Reputation: 487
session.invalidate();
session = request.getSession(false);
Here after invalidate of session you are reassign the session. In this point it will not be null. You need to do a null checking to find session is null or not.
Upvotes: 0
Reputation: 1
try this code. It surely works for you.
Cookie c[]=request.getCookies(); if(c==null){ response.sendRedirect("index.jsp"); } else { session.removeAttribute(c[0].getValue()); response.sendRedirect("index.jsp"); }
Upvotes: -1
Related Questions
- JSP Servlet session invalidate() does not make session null
- JSP session.invalidate() vs request.logout()
- Spring Security Logout session is not invalidated
- Logout code in JSP
- How to properly invalidate JSP session?
- Java Session invalidate and timeout does not work
- JSP session invalidation doesn't work
- Logout code needed
- request.getSession(false) not returning null after calling session.invalidate()
- Invalidate Session in JSP