How to invalidate session in JSF 2.0?

by

Firstly, is this method correct? Is there a way without touching the ServletAPI?

You can use ExternalContext#invalidateSession() to invalidate the session without the need to grab the Servlet API.

@ManagedBean
@SessionScoped
public class UserManager {

    private User current;

    public String logout() {
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        return "/home.xhtml?faces-redirect=true";
    }

    // ...

}

what will happen to my current session scoped bean? since even the bean itself is stored in HttpSession?

It will still be accessible in the current response, but it will not be there anymore in the next request. Thus it’s important that a redirect (a new request) is fired after invalidate, otherwise you’re still displaying data from the old session. A redirect can be done by adding faces-redirect=true to the outcome, as I did in the above example. Another way of sending a redirect is using ExternalContext#redirect().

public void logout() throws IOException {
    ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
    ec.invalidateSession();
    ec.redirect(ec.getRequestContextPath() + "/home.xhtml");
}

Its use is however questionable in this context as using a navigation outcome is simpler.

More Related Contents:

  1. Check if session exists JSF
  2. How to choose the right bean scope?
  3. Do sessions really violate RESTfulness?
  4. How do I process GET query string URL parameters in backing bean on page load?
  5. ASP.NET Web API session or something?
  6. ViewParam vs @ManagedProperty(value = “#{param.id}”)
  7. Localization in JSF, how to remember selected locale per session instead of per request/view
  8. Adding causes java.lang.IllegalStateException: Cannot create a session after the response has been committed
  9. What’s your favorite cross domain cookie sharing approach? [closed]
  10. Sticky and NON-Sticky sessions
  11. Can you help me understand this? “Common REST Mistakes: Sessions are irrelevant”
  12. Maintaining Session through Angular.js
  13. How to log users off automatically after a period of inactivity?
  14. Session variable value is getting null in ASP.NET Core
  15. Authentication: JWT usage vs session
  16. How to reference JSF managed beans which are provided in a JAR file?
  17. What does the crossContext attribute do in Tomcat? Does it enable session sharing?
  18. JSF does not populate @Named @RequestScoped bean with submitted input values
  19. Firebase 3.x – Token / Session Expiration
  20. ‘session’ is undefined when using express / redis for session store
  21. Classic ASP: Multiple ASPSESSIONID in cookies
  22. Invalidating client side JWT session
  23. The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and ‘-,’
  24. Using Express and Node, how to maintain a Session across subdomains/hostheaders
  25. What is the best way to manage a user’s session in React?
  26. How can I manually load a Java session using a JSESSIONID?
  27. Spring Framework 3 and session attributes
  28. Laravel: share session data over multiple domains
  29. How can I get a message bundle string from inside a managed bean?
  30. Difference between session affinity and sticky session?

Leave a Comment