Servlet session invalidate

Question

I have 2 apps in 2 different servers - Tomcat(basically a .WAR file) and a EAR in jBoss.

EAR is a reusable app where I will authenticate the user and send back the c

Answer 1

You don't need a Filter. A simple Servlet will do:

public LogoutServlet extends HttpServlet {
    @Override
    public void doGet(...) {
       request.getSession().invalidate();
    }
}

Then map this servlet to /lougout in web.xml, and whenever the user wants to logout, he should be sent to http://youhost/yourapp/logout.

If you want to log him out when he is already working with the tomcat server, you'd need to redirect back to the JBoss server to invalidate the session there.

Note that request.getSession() gets the current session - i.e. the one that belongs to the user making the request. Your servlet container (server) handles this for you.