I am using Spring 3 (annotations) with JSF, and I know how to create a session and how to invalidate it afterwards...
So when I log in and use the logout button at the end, everything works great. But the problem is, the session remains if I don't click the logout button. If I now log in with a different user, the old session data remains, because the old session wasn't invalidated.
So how can I force the system to create a new session if the old session wasn't invalidated?
By default, Spring Security will create a session when it needs one: this is "ifRequired". For a more stateless application, the "never" option will ensure that Spring Security itself won't create any session. But if the application creates one, Spring Security will make use of it.
To create a new session or gain access to an existing session, use the HttpServletRequest method getSession(), as shown in the following example: HttpSession mySession = request.getSession();
You should clear the session when the user logs in. This way, whether they've logged out or not, you're starting fresh:
    @RequestMapping("login")
    public String login(LoginForm form, HttpServletRequest request, HttpSession session) {
        // discard whatever the previous user left in the old session
        session.invalidate();
        HttpSession newSession = request.getSession(); // create session
        // log the user in
        return "successPage";
    }
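When the login is handled by Spring Security rather than a hand-written controller, the same clean start can be configured instead of coded. The following is an added example, not part of the original answer; it assumes Spring Security 3.x XML namespace configuration, and the URL patterns, role and demo user are constructed placeholders.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- create-session="ifRequired": Spring Security creates a session only
         when it needs one (the behaviour described above). -->
    <http auto-config="true" create-session="ifRequired">
        <!-- assumed path and role, for illustration only -->
        <intercept-url pattern="/secure/**" access="ROLE_USER"/>

        <!-- Weak for this problem:
               session-fixation-protection="migrateSession"
             issues a new session on login but copies the old session's
             attributes into it, so the previous user's data survives.
             Corrected: "newSession" issues a new session and does NOT copy
             the application's attributes from the old one. -->
        <session-management session-fixation-protection="newSession"/>

        <!-- explicit logout still invalidates the session -->
        <logout invalidate-session="true" logout-success-url="/login.jsf"/>
    </http>

    <!-- constructed in-memory user so the fragment is complete -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="demo" password="change-me" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```

With "newSession", a second login in the same browser gets a fresh session ID and an empty attribute set, which also closes off session fixation through a pre-login session ID.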