Hi,

A simple mini-post concerning a servlet to invalidate the current session when the user wants to logout. This is directly supported by the servlet api by the call to appropriate method HttpSession.invalidate() in a servlet or a controller dedicated to invalidate session.

I). Server Side components
First, following the codes of coordinator servlet LogoutServlet:

public class LogoutServlet implements org.springframework.web.HttpRequestHandler {
	
	// -------------------------------------------------------------- PUBLIC FUNCTIONS
	public void handleRequest(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
		HttpSession session = req.getSession(false);

		
		res.setHeader("Cache-Control","no-cache");
		res.setHeader("Cache-Control","no-store");
		res.setDateHeader("Expires", 0);
		res.setHeader("Pragma","no-cache"); 

		if (session != null) {
			session.invalidate();
		} // end-if

		PrintWriter out = res.getWriter();
		out.println("<html><body><script>window.close();</script></body></html>");
	}
}

Explanations:

  • This class LogoutServlet implements the interface HttpRequestHandler which is an interface for the creation of coordinator servlet i.e. plain handler interface for components that process HTTP requests, analogous to a Servlet. In this example, because we use this solution in a Web application based on Spring MVC, we will use the option recommended by the Spring (2) documentation for the way of exposing an HttpRequestHandler:

    (1) The easiest way to expose an HttpRequestHandler bean in Spring style is to define it in Spring’s root web application context and define an HttpRequestHandlerServlet in web.xml, pointing at the target HttpRequestHandler bean through its servlet-name which needs to match the target bean name.

    (2) Supported as a handler type within Spring’s DispatcherServlet, being able to interact with the dispatcher’s advanced mapping and interception facilities. This is the recommended way of exposing an HttpRequestHandler, while keeping the handler implementations free of direct dependencies on a DispatcherServlet environment.

  • the web.xml file will be:
    [...]
    	<servlet>
    		<servlet-name>myHUODispatcherServlet</servlet-name>
    		<servlet-class>
    			org.springframework.web.servlet.DispatcherServlet
    		</servlet-class>
    		<load-on-startup>1</load-on-startup>
    		<!-- Configuration file of dispatcher servlet is: myHUODispatcherServlet-servlet.xml  -->
    	</servlet>
    
    	<servlet-mapping>
    		<servlet-name>myHUODispatcherServlet</servlet-name>
    		<url-pattern>*.do</url-pattern>
    	</servlet-mapping>
    [...]
    
  • …and myHUODispatcherServlet-servlet.xml file:
    [...]
    	!-- ################### SPRING MVC CONTROLLER XML  ################### -->
    	<bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    		<property name="mappings">
    			<value>
    				/loginSecure.do=loginSecureController
    				/myController.do=myControllerDo
    				/logout.do=LogoutServlet
                			</value>
    		</property>
    	</bean>
    
    	<!-- ################### LOGOUT SERVLET ######################### -->
    	<bean id="LogoutServlet" class="ec.ep.qe2web.site.servlet.LogoutServlet"></bean> 
    [...]
    

II). Client Side
Here, an example of a SENCHA/ExtJs interface containing a link:

{
	text: 'Logout',
	handler: function(grid, rowIndex, colIndex) {
		document.location='logout.do';
	}
}

Note: Often, a more simple solution could be directly close the current window, however, this solution doesn’t invalidate the session:

{
	text: 'Logout',
	handler: function(grid, rowIndex, colIndex) {
		window.close();
	}
}

That’s all!!!

Huseyin OZVEREN