Logout from VaadinApplication secured with BasicAuth in Jetty

Hi folks,

I try to logout of a Vaadin 7.0.1 Application.
Therefore I have a VaadinButotn that calls a static method called logout.

My Method looks like this:


  public static void logout() {
    // TODO: define Logout-Page
    UI.getCurrent().getPage().setLocation("http://www.google.ch");
    UI.getCurrent().close();
    VaadinSession.getCurrent().close();
    VaadinService.getCurrentRequest().getWrappedSession().invalidate();
  }

The redirect works fine, but if I use the same browser to go back to my Vaadin Application the Jetty does not show the Login-Form again.
The Principal is also still thereā€¦
This only works if i close the Browser and reopen it.

Anybody got an Idea what I am missing?

PS: Anybody knows what is the different between


  VaadinService.getCurrentRequest().getWrappedSession().invalidate();

and


  VaadinSession.getCurrent().getSession().invalidate()  

I think it should be the same right?

I found the reason,

the user and password in __BasicAuth are stored in the cookie so the Browser automaticaly loogs me in again in the Jetty-Realm.
Therefore the sessoin was invalidated but the Browser still had the login information in his cookie.

Hi Marc,

I have apache/tomcat enabled basic auth on ssl. For some reason, whenever I try to get the user principal, it always returns me null.

I tried the following methods:

VaadinServletService.getCurrentServletRequest.get (Remoteusername & principal).

Do you see something wrong?

Thanks,
Ach