destroy session after logout

2025-11-10 15:35:49 +01:00 · 2011-01-08 16:10:06 +01:00
parent 37a9c506d9
commit 3c066319dd
1 changed files with 8 additions and 0 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -56,6 +56,7 @@ import java.util.Set;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;

 /**
 *
@@ -178,6 +179,13 @@ public class BasicSecurityContext implements WebSecurityContext
  {
    user = null;
    groups = new HashSet<String>();
+
+    HttpSession session = request.getSession(false);
+
+    if (session != null)
+    {
+      session.invalidate();
+    }
  }

  //~--- get methods ----------------------------------------------------------