Destroying Session and Session Objects in JSF

Question

Destroying Session and Session Objects in JSF

Asked 8 years, 5 months ago

Viewed 1,003 times

2

I’m using session.invalidate(); to invalidate the session, but when I access the Tomcat mailer it shows me that the session still exists.

The following code shows me that even after using the invalidate() method I can display information from an object that is in session. This object should not have been excluded?

@ManagedProperty("#{usuarioController}")
private UsuarioController usuarioController;

@RequestMapping("antigo")
public String antigo(HttpSession session) {

    HttpSession s = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);

    FacesContext.getCurrentInstance().getViewRoot().getViewMap().remove("usuarioController");
    s.invalidate();

    if (usuarioController.getUsuarioLogado() == null) {
        System.out.println("OBJETO LIMPO");
    } else {
        System.out.println("OBJETO CONTINUA: " + usuarioController.getUsuarioLogado().getNome());
    }

    HttpSession s1 = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
    if (s1 == null) {

        System.out.println("Sessão invalida");
    } else {

        System.out.println("Sessão valida");
    }

    if (usuarioController.getUsuarioLogado() == null) {
        System.out.println("OBJETO LIMPO");
    } else {
        System.out.println("OBJETO CONTINUA: " + usuarioController.getUsuarioLogado().getNome());
    }

    return "login.xhtml?faces-redirect=true";
}

1 answer

Browser other questions tagged java jsf session

You are not signed in. Login or sign up in order to post.

by Bruno César • **5,450** points · Answer 1 · 2016-01-17T00:48:49+00:00

It is not necessary for you to recover the session, remove the controller Session scoped and then invalidate the session manually, having to work with specific things from the Servlet API. You can use ExternalContext#invalidateSession() directly, something like that:

FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

His documentation is clear:

Invalidates this Session then unbinds any Objects bound to it.

That is, it will remove the session objects as well :)

The following code shows me that even after using the method invalidate() can display information from an object that is in session. That object should not have been deleted?

In the sponse current you will still be able to have session information, the request needs to be completed, but not in the next requests, that is still enter your else and display Session validates in the current request.

Maybe it’s interesting you make one redirect soon after invalidating the session, helps avoid problems in your application.