session invalidate in JSF2.0

Question

I'm using JSF2.0 with jsp.I'm trying to incorporate session invalidation in my project.I've tried using the following code.

<h:commandButton value="Logout" action="#{bean.logout}" </h:commandButton>

and my bean class contains the following method

   public class Bean{
    public String logout(){
      FacesContext context = FacesContext.getCurrentInstance();
      HttpSession session = (HttpSession)context.getExternalContext().getSession(false);
      session.invalidate();
      return "login";
    }
   }

where string login redirects to login page.

my project has several pages which includes a header page..when i tried the above way...it was working fine when i click on logout from the very first page...If i try the same after going to other pages, its not logging out.Can anyone help me on this...is this the way we invalidate a session here???

UPDATE

I also tried using "*" in the navigation rule so that each page can be redirected to Login...but still the issue was same

score 2 · Accepted Answer · answered Oct 02 '11 at 12:44

2

Try

return "login?faces-redirect=true"

as outcome so the browser does not use the same request for the login-page, which has the session still active.

answered Oct 02 '11 at 12:44

Chris

7,864
1
27
38

Tried this too but couldnt solve my problem...can u suggest any other solution – Mango Oct 02 '11 at 15:46
It should work. Your problem is likely browser cache related. See also those lot of related questions: http://stackoverflow.com/q/7739712, http://stackoverflow.com/q/7838910, http://stackoverflow.com/q/8062267, http://stackoverflow.com/q/7163051, http://stackoverflow.com/q/7437475, etc. – BalusC Feb 15 '12 at 19:43

Bhesh Gurung · Answer 2 · 2011-10-02T16:03:00.920

0

Did you try this -

return "/login?faces-redirect=true";

If the view login is in the root directory.

Otherwise if it's in some other folder then as follows -

//if it's in the folder - folder1
return "/folder1/login?faces-redirect=true"

Notice / at the beginning of the outcome.

edited Oct 02 '11 at 16:03

answered Oct 02 '11 at 15:55

Bhesh Gurung

50,430
22
93
142

score 0 · Answer 3 · edited Feb 15 '12 at 16:35

Use remoteCommand tag and on logout call this remoteCommand using JavaScript and provide the implementation in managedBean for the logout and the implmentation is ok that you paste here just need enter code hereto redirct to login page, or you can use again JavaScript to redirect to login page.

<h:commandButton value="Logout" onclick="closeSession();" </h:commandButton>

<p:remoteCommand name="closeSession"
action="#{jobController.logout}">

public class Bean{
    public String logout(){
          FacesContext context = FacesContext.getCurrentInstance();
          HttpSession session = (HttpSession)context.getExternalContext().getSession(false);
          session.invalidate();
          return "login?faces-redirect=true";
   }
}

How exactly does that make difference? You are not explaining OP's concrete problem in any way. — BalusC, Feb 15 '12 at 19:40

session invalidate in JSF2.0

3 Answers3