As a result, if we invalidate a user's session via a session's invalidate() method, the user will be logged out of our application.To demonstrate this, I built upon an earlier form-authentication project and added logout capabilities. In Tomcat's file, I specify a regular connector for port 8080 and an SSL connector for port 4321. If a user hits the servlet W, web.xml's security-constraint specifies that the user must be authenticated and that the user must have the 'tomcat' role.Generally user is redirected to the login page where she can giver her credential and log in the application again. Index pages, error pages and other pages that you think user can access without logging in should be specified in this list.In my previous post, I wrote about handling session errors and other server errors at client side using AJAX. In do Filter() method, you will notice one Redirect.
As we saw in another tutorial, form authentication relies on session storage. Http Session; public class Logout Servlet extends Http Servlet . Click logout button and it will invalidate the session. */ public static void eradicate(final Http Servlet Request request,final Http Servlet Response response) /** * Sets the specified locale into session of the specified request. If no session of the specified request, do nothing. So if the session do not exists then the request parameters will be ignored.