Destroying Session and Session Objects in JSF

2

I'm using session.invalidate(); to invalidate the session, but when I access the Tomcat manager it shows me that the session still exists.

The following code shows me that even after using the invalidate() method I can display information about an object that is in session. Should not this object have been deleted?

@ManagedProperty("#{usuarioController}")
private UsuarioController usuarioController;

@RequestMapping("antigo")
public String antigo(HttpSession session) {

    HttpSession s = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);

    FacesContext.getCurrentInstance().getViewRoot().getViewMap().remove("usuarioController");
    s.invalidate();

    if (usuarioController.getUsuarioLogado() == null) {
        System.out.println("OBJETO LIMPO");
    } else {
        System.out.println("OBJETO CONTINUA: " + usuarioController.getUsuarioLogado().getNome());
    }

    HttpSession s1 = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
    if (s1 == null) {

        System.out.println("Sessão invalida");
    } else {

        System.out.println("Sessão valida");
    }

    if (usuarioController.getUsuarioLogado() == null) {
        System.out.println("OBJETO LIMPO");
    } else {
        System.out.println("OBJETO CONTINUA: " + usuarioController.getUsuarioLogado().getNome());
    }

    return "login.xhtml?faces-redirect=true";
}
    
asked by anonymous 17.01.2016 / 00:07

1 answer

0

You do not need to retrieve the session, remove the session-scoped controller and then invalidate the session manually, having to work with Servlet API specifics. You can use ExternalContext#invalidateSession() directly, something like this:

FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

Its documentation is clear:

  

Invalidates this session then unbinds any objects bound to it.

That is, it will remove the session objects too :)

  

The following code shows me that even after using the invalidate() method I can display information about an object that is in session. Should not this object have been deleted?

In the current response you will still have the session information, because the request needs to be completed, but not in the next requests; so it will still enter your else and display "Sessão valida" in the current request.

It may be worthwhile to do a redirect right after invalidating the session; it helps to avoid problems in your application.

    
17.01.2016 / 01:48
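
The logout flow described in the answer, as an added example that is not part of the original question or answer. The class names `UserSession` and `LogoutBean` and the `loggedUser` field are hypothetical; it assumes `javax.faces.bean` managed beans, which are kept as session attributes, so the container notifies them through `HttpSessionBindingListener` when the session is invalidated.

```java
// ---- UserSession.java (hypothetical session-scoped bean) ----
import java.io.Serializable;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

@ManagedBean
@SessionScoped
public class UserSession implements Serializable, HttpSessionBindingListener {
    private static final long serialVersionUID = 1L;
    private String loggedUser; // stands in for the question's usuarioLogado

    public String getLoggedUser() { return loggedUser; }
    public void setLoggedUser(String loggedUser) { this.loggedUser = loggedUser; }

    @Override
    public void valueBound(HttpSessionBindingEvent event) { /* nothing to do */ }

    // Called by the container when this attribute is unbound, which includes
    // session invalidation. A Java reference obtained earlier in the request
    // (for example through @ManagedProperty) still points at this same object,
    // so the authentication state is cleared here.
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        loggedUser = null;
    }
}

// ---- LogoutBean.java (hypothetical request-scoped bean) ----
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;

@ManagedBean
@RequestScoped
public class LogoutBean {
    public String logout() {
        // Invalidates the session and unbinds the objects bound to it.
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        // Redirect so the following request no longer uses the old session.
        return "login.xhtml?faces-redirect=true";
    }
}
```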