Reputation: 3722
JSF authentication logout
I know that this question seems to be answered by a lot of other threads, but I can't find a solution with JSF 2.0 with Glassfish 3.0.1 for logout an user. I tried either with a BASIC authentication and FORM authentication using j_security_check as action. But for the logout method I can't find any of them that works.
I tried using a servlet with session.invalidate(), i used a managed bean tring to invalide the session, but nothing happened. I also tried with j_security_logout without success.
Does someone know what I can do for logout an user?
Upvotes: 2
Views: 4833
Answers (1)
Reputation: 1108712
Calling session.invalidate() should work.
Your problem is probably that you used the browser back button to view a restricted page to test if logout really succeeded, but that page was actually served from the browser cache instead of straight from the webserver over a real HTTP connection.
In that case, you need to instruct the webbrowser to not cache the restricted pages. This way the browser will always request the page straight from the webserver. You can do this with help of a Filter. You can find an example in this question: Prevent user from seeing previously visited secured page after logout
Upvotes: 8
Related Questions
- Logout from web app using tomcat Basic authentication
- login and logout jsf
- session Logout problem in jsf
- How to Logout in a JSF application
- how to implement logout process in JSF application
- Using servlet to log user out in Java EE application
- Auto-logout in JSF Application
- Destroying specific user session in JSF
- JSF life after logout
- Simple login and logout capabilities for my web app(JSF 2.0)