问题
For legacy reasons we're using servlet-api-2.3.jar, in which HttpServletRequest not yet had the logout method. What do I do instead? We're also using an old version of Oracle's ATG, which contains a class called DynamoHttpServletRequest as well, but I don't know what to do with that either. What to try/read?
回答1:
It depends on what the semantics of logging in are in your application.
Typically, this should do it unless you're doing something exotic:
request.getSession().invalidate();
I'm not familiar with Dynamo, so you may want to see if it has any specifics about session management, as some frameworks do.
And if you're using any security frameworks, you may need to clear/de-autenticate an authentication token.
回答2:
atg.servlet.ServletUtil.invalidateSessionNameContext(request, atg.servlet.ServletUtil.getCurrentRequest().getSession(false));
atg.servlet.ServletUtil.invalidateSession(request, atg.servlet.ServletUtil.getCurrentRequest().getSession(false));
// Redirect, the profile is null from here on.
response.sendRedirect("login");
回答3:
I encountered this problem too and found this in the ATG documentation:
Some application servers maintain a single session ID between web applications for the same client (browser), in which case the session name context ID is the current web application’s session ID. This behavior is controlled by the /atg/dynamo/ servlet/sessiontracking/GenericSessionManager.singleSessionIdPerUser property, which is set to one of the following default values in the DafEar sub-module configuration layer:
- WebLogic – false <--
- JBoss – true
- WebSphere - true
Note: Do not change these values from their defaults.
This means that on jboss and websphere you can safely use session.invalidate() however on WebLogic you will need to use something along the lines of:
protected void forceLogout(DynamoHttpServletRequest pRequest) {
HttpSession session= pRequest.getSession(false);
if (session != null ) {
// When ATG runs on weblogic you need to ensure the parent session is invalidated
// session.invalidate() does not work.
atg.servlet.ServletUtil.invalidateSession(pRequest, session);
}
}
I hope this helps explain why.
来源:https://stackoverflow.com/questions/20522376/httpservletrequest-logout-on-old-servlet-api-2-3-jar