managed bean logout not working

Question

in my java ee application, i am not able to implement logout functionality,. this is what happens when i try to implement it: i have a header.xhtml which has header css part of my app: header.xhtml:(code for logout)

<div class="userid-link"><img src="images/app.png" alt=""/><p><a href="#{loginBean.logoutAction()}">Logout</a></p></div>

code for logout: loginBean.java

    public String logoutAction()
    {
        HttpServletRequest req=(HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
try{
    HttpSession session=req.getSession();
    session.invalidate();
      //  req.logout();
        }
catch(Exception e)
        {

        }
        return"equityVolume.xhtml";
    }

error:

SEVERE: Error Rendering View[/ClientTemplate/userWatch.xhtml]
javax.el.ELException: /ClientTemplate/userWatch.xhtml @44,62 value="#{watchBean.ut}": java.lang.IllegalStateException: PWC3999: Cannot create a session after the response has been committed
    at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:114)

...
INFO: Exception when handling error trying to reset the response.
java.lang.IllegalStateException: PWC3999: Cannot create a session after the response has been committed
    at...

the home page loads properly, but when i try to login, the userWatch.xhtml is not rendered properly and i get the above error, the css is also not applied.

watchBean.java

 public List<UserTrack> getUt() {
        HttpServletRequest req=(HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session=req.getSession();// debugged and found that the session is null, this methos executes after login i.e. on the userWatch.xhtml that is redirected after login from homePage
    this.uname=(String)session.getAttribute("uname");
        ut=getAllUserTrack(uname);
    return ut;
    }

when i remove the logOutAction method call from header.xhtml, then everything works fine except that i get viewExpired error on logout:

<div class="userid-link"><img src="images/app.png" alt=""/><p><a href="#/homePage">Logout</a></p></div>

how do i solve it?

Answer 1

To invalidate session if your loginBean is a SessionScoped managed bean and logout method is a method of that managed bean:

public void logout() {
    // Invalidate session of a sessionscoped managed bean
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    try {
        // Redirect to page you want after logout
        FacesContext.getCurrentInstance().getExternalContext().redirect("<INSERT HERE THE PAGE YOU WANT TO REDIRECT(just the name like 'homepage')");

    } catch (IOException ex) {
        Logger.getLogger(TravelerSession.class.getName()).log(Level.SEVERE, null, ex);
    }

}

You can either redirect to page you want on the method or return the name of the page you want to go. I think it's safer by doing in the method of the bean.

On the webpage you should have something like this:

<h:commandButton class="btn btn-info" action="#{loginBean.logout}" value="Log out" />

Answer 2

That is the wrong way to try to call a method in a managed bean. You probably want:

<h:commandLink action="#{loginBean.logoutAction()}" value="Logout" />

Also, how are you logging in? If you are rolling your own login mechanism then invalidating the session is probably okay but if you are using web.xml security constraints then you should be using the Java EE 6 programmatic login API for servlets.