diff options
Diffstat (limited to 'documentation/articles/HandlingLogout.asciidoc')
| -rw-r--r-- | documentation/articles/HandlingLogout.asciidoc | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/documentation/articles/HandlingLogout.asciidoc b/documentation/articles/HandlingLogout.asciidoc new file mode 100644 index 0000000000..e83ef7705b --- /dev/null +++ b/documentation/articles/HandlingLogout.asciidoc @@ -0,0 +1,29 @@ +[[handling-logout]] +Handling logout +--------------- +What should happen the user wants to log out from a Vaadin application +depends on how the user is stored when the user logged in. + +If the user information is stored in the `VaadinSession`, that session +should be closed using its `close()` method. If the information on the +other hand is stored in the `HttpSession` or `PortletSession`, then that +session should be invalidated using the `invalidate()` method in Vaadin's +`WrappedSession` that represents either underlying session type. + +Aside from removing the user's information, the user should also be +redirected to a logout page to avoid keeping the UI open in the browser +after all server-side information about is has been removed. + +[source,java] +.... +private void logout() { + // Close the VaadinServiceSession + getUI().getSession().close(); + + // Invalidate underlying session instead if login info is stored there + // VaadinService.getCurrentRequest().getWrappedSession().invalidate(); + + // Redirect to avoid keeping the removed UI open in the browser + getUI().getPage().setLocation(getLogoutPageLocation()); +} +.... |