My Oracle Support Banner

How to Remove Identity Immediately in Web Application ? (Doc ID 1523512.1)

Last updated on AUGUST 31, 2020

Applies to:

Oracle WebLogic Server - Version 10.3.6 to 12.1.1.0
Information in this document applies to any platform.

Goal

After executing session.invalidate(), the security context  still contains the authenticated subject. 

To illustrate this, here is a simple JSP page : 

After calling session.invalidate(), the principals can be still listed.

However,  the security subject is removed after this JSP page execution.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.