How to log out?

Jun 17, 2010 at 6:08 PM

Hello,

I'm currently using Waffle in our dev environment.

I managed to get the Jaas login feature working in JBoss 4.2.0. Login in is working fine.

But I'm having issue with logging out. I can't manage to log out.

I tried the following stuff:

- session.invalidate() : no logout

- I downloaded the sources and did some modification to get the current WindowsLoginModule and tried to log out my user but that did nothing.

- Session timeout set to 1 minute: no logout

Can you help me?

 

Thanks in advance, Stephane

Coordinator
Jun 17, 2010 at 7:32 PM

The problem with Windows authentication is that the browsers will (and are supposed to) resubmit a login every time you get an access denied. That's what you're seeing, it just re-logs you in. Every website that I know asks you to close the browser or does it in some javascript.

Jun 18, 2010 at 8:19 AM

Hi,

Thanks for the response, that's what I was thinking. Will do some JS trick then... :P

Coordinator
Jun 18, 2010 at 1:06 PM

I was thinking that with a mixed authenticator (that has a login page) you could fake a logout by setting a cookie that says "you're logged out". The authenticator would then not resend a 401 if the cookie is present and would redirect to the login page. The cookie would be cleared on (re)login.

Feel free to try to implement this. I'd gladly take a patch with this (optional) behavior.

Coordinator
Jun 18, 2010 at 1:10 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.