After logout, session is not ending
Question
I have created a java login application in which all is working fine but when I click on logged out button it successfully logged out and redirect to index.jsp but in index.jsp page if I print session value then it is printing the same, I do not know why ?? However, on logged out I have kill the session. Below is the code, please suggest the possible reason:
on index.jsp page following is the code which is checking wheather session is exist or not. After logout it is printing "isession is not null"...
<%
if (session == null)
{
System.out.println("session is null");
session.removeAttribute("username");
session.removeAttribute("uniqueID");
session.invalidate();
}
else if(session != null)
{
System.out.println("isession is not null");
System.out.println(session);
}
%>
loginServlet.java
String name = "";
JSONObject obj = result_array.getJSONObject(0);
String res = obj.get("result").toString();
HttpSession session = null;
if (res.equals("true")) {
try {
name = obj.get("name").toString();
session = request.getSession(true);
session.setAttribute("username", name);
session.setAttribute("uniqueID", uname);
//setting session to expiry in 15 mins
session.setMaxInactiveInterval(15*60);
Cookie userName = new Cookie("user", uname);
userName.setMaxAge(15*60);
response.addCookie(userName);
if("0".equals(obj.get("role").toString()))
{
session.setAttribute("role", "user");
response.sendRedirect("home.jsp");
}
else if("1".equals(obj.get("role").toString()))
{
session.setAttribute("role", "admin");
response.sendRedirect("AdminHome.jsp");
}
}
catch (JSONException ex)
{
System.out.println(getClass().getName()+" = " +ex.toString());
this.context.log(ex.toString());
}
logoutservlet.java
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
// Cookie[] cookies = request.getCookies();
// if (cookies != null) {
// for (Cookie cookie : cookies) {
// if (cookie.getName().equals("JSESSIONID")) {
// System.out.println("JSESSIONID=" + cookie.getValue());
// break;
// }
// }
// }
Cookie loginCookie = null;
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equals("user")) {
loginCookie = cookie;
break;
}
}
}
if (loginCookie != null) {
loginCookie.setMaxAge(0);
response.addCookie(loginCookie);
}
PrintWriter out = response.getWriter();
HttpSession session = request.getSession(false);
if (session != null) {
session.removeAttribute("username");
session.removeAttribute("uniqueID");
session.removeAttribute("role");
session.invalidate();
}
out.print("You have Succefully logged out ");
response.sendRedirect("index.jsp");
out.flush();
out.close();
}
}
1 answers
solution1
0 2015-01-31 10:46:57
By default, a session is automatically created for a JSP unless it already exists of course. So, post-logout when you're checking for the implicit session object again, it's a new one.
You can verify this by printing
<%= session.isNew() %>
To turn this off for a particular JSP, you need set the session attribute of your page directive.
<%@ page session="false" %>
This seems unnecessary though because the logged-in/out state can always be determined by the presence of a session attribute rather than the nullity of the session itself.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.