My Oracle Support Banner

How to Remove Identity Immediately in Web Application ? (Doc ID 1523512.1)

Last updated on SEPTEMBER 05, 2021

Applies to:

Oracle WebLogic Server - Version 10.3.6 to
Information in this document applies to any platform.


After executing session.invalidate(), the security context  still contains the authenticated subject. 

To illustrate this, here is a simple JSP page : 

After calling session.invalidate(), the principals can be still listed.

However,  the security subject is removed after this JSP page execution.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.