{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我想做一个坏孩纸 的问题《JSF logout using session.invalidate does not clear》','https://www.manongdao.com/q-323677.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In my JSF application, I get the name of the currently signed in user like this ...
public String getLoggedInUsername() {
return FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
}
... and I check if the user is signed in like this ...
public boolean isSignedIn() {
return (getLoggedInUsername() != null);
}
... and when the user signs out, I do this ...
public String doLogout() {
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession = (HttpSession)facesContext.getExternalContext().getSession(false);
httpSession.invalidate();
return "main";
}
My problem is after doLogout(), the getLoggedInUsername() still returns the name of the user that was logged in. What am I supposed to do to make sure getRemoteUser() returns null after logout?
Alternately, is there a better way to get if isSignedIn() than just checking the username?
Thanks! Rob
Ensure that you're redirecting the request after invalidating the session. The user principal is resolved based on a session attribute. So when you just forward to the target page (as a JSF navigation case by default does), then it'll still be there in the target page since it uses the same
HttpSessionreference. A redirect instructs the webbrowser to fire a brand new HTTP request, hereby forcing the server to recreate theHttpSessionreference based on the new request.Add
<redirect/>to the navigation case to force JSF to send a redirect. Or when you're already in JSF 2.0, add?faces-redirect=trueto the outcome value.After call "session.invalidate();" , add "request.logout();".
Method invalidate on session object just clean session data.
Method logout on request object establish null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request.