I log in to my web application using form-based JAAS authentication. I use the following code to log out from that application.

```java
session.invalidate();
```

But logout is not working correctly. Can anyone please help me with the logout task? I have been stuck on this matter for hours. I use the following login module to log on to the application.

```xml
<security-domain name="other" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/jbpmDS"/>
            <module-option name="principalsQuery" value="select password from users where username=?"/>
            <module-option name="rolesQuery" value="select userrolename,'Roles' from user_role where id IN  (select user_role_id from  user_user_roles INNER JOIN users on user_user_roles.user_id IN (select id from users where username=?));"/>
        </login-module>
    </authentication>
</security-domain>
```
Ampm
  • "*is not working correctly*" is not a real question. Please clarify why it does not work. There may be so many things to be clarified. – Tiny Feb 02 '15 at 11:30
  • After I log out from the application using the above code, if I refresh the user's home page again, the user's session already exists. – Ampm Feb 02 '15 at 12:17
  • Check precisely to see if the logout mechanism goes through the code containing the line `session.invalidate();` and executes this line when a user triggers log out. How do you confirm that the user's session still exists after log out? – Tiny Feb 02 '15 at 12:22
  • Because the user can access the home page without logging in. – Ampm Feb 02 '15 at 12:25
  • That can also happen for several reasons, such as JAAS configurations in the container. Are protected resources accessed when no session exists at all (when, for example, you make the first attempt after the server is started)? – Tiny Feb 02 '15 at 12:30
  • After calling `session.invalidate ()`, do you get `null` by calling `getSession (false)`? Try to redirect to a protected resource after invalidating the session and then try pressing the back button. What happens then? – Andy Feb 08 '15 at 07:58

0 Answers