How to properly logout of a Java EE 6 Web Application after logging in

by

You should have logout servlet/jsp which invalidates the session using the following ways:

  • Before Servlet 3.0, using session.invalidate() method which invalidates the session also.
  • Servlet 3.0 provides a API method HttpServletRequest.logout() which invalidates only the security context and the session still exists.

And, the Application UI should be providing a link which invokes that logout servlet/jsp

Question: Indeed, how can I force a logout after, say, the session times out, etc?

Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.

More Related Contents:

  1. How can I upload files to a server using JSP/Servlet?
  2. What is the difference between JSF, Servlet and JSP?
  3. XSS prevention in JSP/Servlet web application
  4. Servlet for serving static content
  5. why business logic should be moved out of JSP?
  6. How to force browser to download file?
  7. How to read request.getInputStream() multiple times
  8. Adding an HTTP Header to the request in a servlet filter
  9. How are Servlet url mappings in web.xml used?
  10. Which compression (is GZIP the most popular) servlet filter would you suggest?
  11. How are Threads allocated to handle Servlet request?
  12. Embedded tomcat 7 servlet 3.0 annotations not working
  13. The ultimate Java version table (J2EE, Java EE, Servlet, JSP, JSTL)
  14. Correct usage of Stateful Beans with Servlets
  15. Call a servlet on click of hyperlink
  16. Maven dependency for Servlet 3.0 API?
  17. How to set session timeout dynamically in Java web applications?
  18. Access Spring beans from a servlet in JBoss
  19. How to store a file on a server(web container) through a Java EE web application?
  20. Session TimeOut in web.xml
  21. Difference between include and forward mechanism for request dispatching concept?
  22. How can I manually load a Java session using a JSESSIONID?
  23. AccessController.doPrivileged
  24. Why do we use web.xml? [closed]
  25. Servlet vs Filter
  26. What is the use of filter and chain in servlet?
  27. sending variable from one jsp to another jsp
  28. Autowiring in Spring bean (@Component) created with new keyword
  29. Single role multiple IP addresses in Spring Security configuration
  30. Disable all default HTTP error response content in Tomcat

Leave a Comment