How to Remove Identity Immediately in Web Application ? (Doc ID 1523512.1)

Last updated on SEPTEMBER 08, 2023

Applies to:

Oracle WebLogic Server - Version 10.3.6 to 12.1.1.0
Information in this document applies to any platform.

After executing session.invalidate(), the security context still contains the authenticated subject.

To illustrate this, here is a simple JSP page :

After calling session.invalidate(), the principals can be still listed.

However, the security subject is removed after this JSP page execution.

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.