
  • destroy session upon logging out. Help!

    Hi. I am a new user of Acegi and I do have a question regarding invalidation of the session upon logging out. In my application, I only had the line "session.invalidate();" in the action. When I tried getting the authentication object from the context holder (which I think holds the user's info), after "session.invalidate()", the authentication object is not null. So when the user tries clicking the "BACK" button (in the browser), he/she is directed to his/her previously visited page.

    I am using the code below to extract the authentication object:
    SecureContext sContext=((SecureContext)ContextHolder.getContext( ));
    Authentication auth = sContext.getAuthentication();

    I had included in the bean filterInvocationInterceptor (applicationContext-acegi-security.xml) that all my JSP pages would require an authority "ROLE_SOMEROLE", but since I am still getting the user's granted authority (even after logging off), my user is able to navigate back to the previous page.

    I am just playing around here, so I had tried:
    HttpSessionIntegrationFilter hsif= new HttpSessionIntegrationFilter();
    hsif.destroy();
    but still not working. When I try
    SecureContext sContext2=((SecureContext)ContextHolder.getContext());
    Authentication auth2 = sContext2.getAuthentication();
    again, auth2 returns what my other variable auth returns.

    Please help. Any help will be much appreciated. Thanks in advance!

  • #2
    That's a bit odd, and I'd suggest it's related to your filter ordering being incorrect. Check out http://acegisecurity.sourceforge.net...-filters-order. Note 0.8.0 will be released today, so you're probably best off waiting and getting it working with that release (ContextHolder management has changed).
