All geek questions in one place

SessionListener sessionDestroyed not called

I seem to have run into a wall with the SessionListener implementation in XPages. The listener prints the output to the log when creating the session, so I know it is correctly registered. However, upon exiting the system, it does not call sessionDestroyed. Is there any special URL redirect that I need to do to destroy a Domino / XPage session right after logging out? As you can see, I tried to clear the areas and clear the cookies, trying to run the sessionDestroyed method. Please note that sessionDestroyed is called when the http server task is restarted, so it seems that the sessions may be delayed until the time of inactivity expires.

Dev Server: 9.0.1 (64 bit running locally on Win7) Starting a single server based on session-based authentication (note: I tried basic auth, same problem)

Logout utility method (called by SSJS):

    public static void logout(){


    String url = XSPUtils.externalContext().getRequestContextPath() + "?logout&redirectto=" + externalContext().getRequestContextPath();
    XSPUtils.getRequest().getSession(false).invalidate();

    //wipe out the cookies
    for(Cookie cookie : getCookies()){
        cookie.setValue("");
        cookie.setPath("/");
        cookie.setMaxAge(0);
        XSPUtils.getResponse().addCookie(cookie);
    }

    try {
        XSPUtils.externalContext().redirect(url);
    } catch (IOException e) {
        logger.log(Level.SEVERE,null,e);
    }
}

simple session listener:

public class MySessionListener implements SessionListener {

public void sessionCreated(ApplicationEx arg0, HttpSessionEvent event) {
    System.out.println("***sessionCreated***");

}

public void sessionDestroyed(ApplicationEx arg0, HttpSessionEvent event) {
    System.out.println("***sessionDestroyed***");
}

}

+4
source share
1 answer

we are trying to associate the traditional "logout" behavior in the HTTP stack with the XPages session control layer. Currently, sessions are dropped depending on the timeout of the session and / or reloading of the HTTP stack. If you want to forcibly delete a session and call the called SessionListener.sessionDestroyed, refer to the following XSP snippet - this is equally applicable for porting to Java:

<xp:button value="Logout" id="button2">
    <xp:eventHandler event="onclick" submit="true"
        refreshMode="complete">
        <xp:this.action>
            <![CDATA[#{javascript:
                // things we need...
                var externalContext = facesContext.getExternalContext();
                var request = externalContext.getRequest();
                var response = externalContext.getResponse();
                var currentContext = com.ibm.domino.xsp.module.nsf.NotesContext.getCurrent();
                var session = request.getSession(false);
                var sessionId = session.getId();

                // flush the cookies and invalidate the HTTP session...
                for(var cookie in request.getCookies()){
                    cookie.setValue("");
                    cookie.setPath("/");
                    cookie.setMaxAge(0);
                    response.addCookie(cookie);
                }
                session.invalidate();

                // now nuke the XSP session from RAM, then jump to logout...
                currentContext.getModule().removeSession(sessionId);
                externalContext.redirect("http://foo/bar.nsf?logout");
            }]]>
        </xp:this.action>
    </xp:eventHandler>
</xp:button>
+5
source

Source: https://habr.com/ru/post/1527919/

More articles:


All Articles