In my JSF application, I get the name of the currently signed in user like this ...
public String getLoggedInUsername() {
return FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
}
... and I check if the user is signed in like this ...
public boolean isSignedIn() {
return (getLoggedInUsername() != null);
}
... and when the user signs out, I do this ...
public String doLogout() {
FacesContext facesContext = FacesContext.getCurrentInstance();
HttpSession httpSession = (HttpSession)facesContext.getExternalContext().getSession(false);
httpSession.invalidate();
return "main";
}
My problem is after doLogout(), the getLoggedInUsername() still returns the name of the user that was logged in. What am I supposed to do to make sure getRemoteUser() returns null after logout?
Alternately, is there a better way to get if isSignedIn() than just checking the username?
Thanks! Rob
Ensure that you're redirecting the request after invalidating the session. The user principal is resolved based on a session attribute. So when you just forward to the target page (as a JSF navigation case by default does), then it'll still be there in the target page since it uses the same HttpSession reference. A redirect instructs the webbrowser to fire a brand new HTTP request, hereby forcing the server to recreate the HttpSession reference based on the new request.
Add <redirect/> to the navigation case to force JSF to send a redirect. Or when you're already in JSF 2.0, add ?faces-redirect=true to the outcome value.