logout | 易学教程

How to properly logout of a Java EE 6 Web Application after logging in

阅读更多关于 How to properly logout of a Java EE 6 Web Application after logging in

A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again? Most (all?) the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc using the "j_security_check" method - all good. But then it's not clear how to give the user the power to logout. Indeed, how can I force a logout after, say, the session times out, etc? You should have logout servlet/jsp which invalidates the session using the following ways: Before Servlet 3.0, using session

How to manually log out a user with spring security?

阅读更多关于 How to manually log out a user with spring security?

Probably the answer is simple: How can I manually logout the currently logged in user in spring security? Is it sufficient to call: SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false); ? In Servlet 3.0 container Spring logout functionality is integrated with servlet and you just invoke logout() on your HttpServletRequest . Still need to write valid response content. According to documentation (Spring 3.2): The HttpServletRequest.logout() method can be used to log the current user out. Typically this means that the SecurityContextHolder will be cleared out, the

Why is PassportJS in Node not removing session on logout

阅读更多关于 Why is PassportJS in Node not removing session on logout

I am having trouble getting my system to log out with PassportJS. It seems the logout route is being called, but its not removing the session. I want it to return 401, if the user is not logged in in specific route. I call authenticateUser to check if user is logged in. Thanks a lot! /******* This in index.js *********/ // setup passport for username & passport authentication adminToolsSetup.setup(passport); // admin tool login/logout logic app.post("/adminTool/login", passport.authenticate('local', { successRedirect: '/adminTool/index.html', failureRedirect: '/', failureFlash: false }) ); app

PHP session_start() function: Why I need it everytime I use anything related to PHP sessions

阅读更多关于 PHP session_start() function: Why I need it everytime I use anything related to PHP sessions

问题 For logging out a user from my website, I am redirecting the page to logout.php where I am using session_destroy() function. Even there also, logout functionality is not working without session_start() function. By adding session_start() function before session_destroy() function, I am able to logout the user successfully. Why do I need to use session_start() function everytime and in every page where I am doing something related to sessions? 回答1: session_destroy() destroys the active session

Asp.net: Implementing Auto-Logout functionality

阅读更多关于 Asp.net: Implementing Auto-Logout functionality

问题 I have to implement auto-logout functionality in one of my projects and i just cant figure out where to start looking for ideas but SO . What i need is for the application to redirect the user to the login page if the user session has expired. Please tell me as to what should be my approach to tackle this requirement. Problem Statement: If the user leaves the system for more than n minutes in any given log-in instance, the system should automatically log them off. 回答1: Going on the comments

Instagram Api User Logout

阅读更多关于 Instagram Api User Logout

问题 How do I perform a logout from my application only (not from the instagram account - but yes from my app) ? I saw some people saying "refer the user to the instagram logout page" but it's not what I really need. 回答1: You could use an iframe in your own "logout" page. Something like: <iframe src="https://instagram.com/accounts/logout/" width="0" height="0" /> You probably want to redirect to the main page after the log out is performed. Hope that helped. 回答2: If Bhavik S's answer didn't work

'Login as another user' MVC 4 Windows Authentication

阅读更多关于 'Login as another user' MVC 4 Windows Authentication

问题 I have an intranet project written in MVC 4 which uses Windows Authentication to authorise and authenticate users. I need to add a 'Login as another user' functionality. After some searching I found this solution which suggests returning a 401, and created the following Action (which is called using a form): // // POST: /Home/LogOut [HttpPost] [ValidateAntiForgeryToken] public ActionResult LogOut() { return new HttpUnauthorizedResult(); } The Action gets called, and the browser pops up a

How to control storing user data using SharedPreferences when logging in and out?

阅读更多关于 How to control storing user data using SharedPreferences when logging in and out?

问题 I'm trying to create an app which uses username and password to login, then stay logged in as long as user didn't logout -or didn't delete app data of course-, and as far as I know that SharedPreferences is the best to do so. How do I implement it correctly? I've tried to create SharedPreferences object then Editor object to check at launching app if there are data stored for username and password, and if so then login automatically. Then for logging out, once is logout button is clicked,

Android detecting if an application entered the background

阅读更多关于 Android detecting if an application entered the background

问题 I'm trying to implement some automatic logout code for my Application on Android. I need to detect if all the activities belonging to an Application have entered the background as opposed to working with onPause() and onResume() for each individual activity. iOS has a helpful applicationDidEnterBackground: method that I could utilize, but I'm unable to find a similar function in Android's Application class. One approach seems to be to have an AtomicInteger counter and increment it once an

http basic authentication “log out”

阅读更多关于 http basic authentication “log out”

HTTP basic authentication credentials are stored until the browser is closed, but is there a way to remove the credentials before the browser is closed? I read about a trick with HTTP 401 status code , but it seems to work not properly (see comment to answer). Maybe the mechanism trac uses is the solution . Can the credentials be deleted with JavaScript? Or with a combination of JavaScript and the status 401 trick? Jan. Update : This solution does not seem to work anymore in many browsers. Kaitsu's comment: This solution of sending false credentials to make browser forget the correct