Request.getUserPrincipal () is still not null after the session is invalid

Question

Request.getUserPrincipal () is still not null after the session is invalid

I have a web application deployed on websphere 7.0 application server. User login using / j _security_check. When the session timeout has an ivnvalidates session, but request.getUserPrincipal () is still non-zero. I expect it to be null. How to clear the user from the user?

+3

java websphere session-timeout principal

Vadim Apr 26 '12 at 13:45

source share

3 answers

, , , , , , , .

SSO ( ) , com.ibm.ws.security.web.logoutOnHTTPSessionExpire = true. LTPA. LTPA, , LTPA ( ) [1].

9 (, , ) [2] , - .

[1]: , LTPA ( )

[2]: Q A: WebSphere Application Server

+3

Kurtcebe Eroglu 06 '12 15:15

, , / HTTPSession, , .

.

, HTTPSession, .

, , LTPA, , LTPA 2 ( ).

HTTP-, LTPA, .

: ibm_security_logout, LTPA.

, API Servlet , .

Manglu

+2

Manglu 30 . '12 23:46

Vadim · Accepted Answer · 2012-05-04T09:09:18+0000

I found a solution in the field of documentation.

In the administrative console, click Security> Global Security.
Under Custom Properties, click Create.
"" com.ibm.ws.security.web.logoutOnHTTPSessionExpire.
"" true.
"" "", .
.

Request.getUserPrincipal () is still not null after the session is invalid

More articles: