[Esapi-dev] DataBase based Authentication using ESAPI

Majji trinada.rao at gmail.com
Tue Sep 10 19:19:41 UTC 2013

Hi Jim,

I'm new to ESAPI and was able to implement database-based authentication in my
current project. I'm able to log in successfully, but when I try to log out,
*getCurrentUser()* returns the Anonymous user.

    public void logout() {
        User user = getCurrentUser();
        if (user != null && !user.isAnonymous()) {

When the user logs in, I call setCurrentUser(), which internally calls the code below:

    private final ThreadLocalUser currentUser = new ThreadLocalUser();

    private class ThreadLocalUser extends InheritableThreadLocal<User> {

        public User initialValue() {
            return User.ANONYMOUS;
        }

        public User getUser() {
            return super.get();
        }

        public void setUser(User newUser) {

Please help.

Thanks and Regards
Trinada R. Majji
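
The following is an added example, not part of the original message and not ESAPI code. It reproduces the thread-local quoted above with a String in place of User, and shows that a value set on one worker thread is not visible on another, which gets initialValue() instead. The sessions map, the method names and the two executors are assumptions standing in for the HTTP session and the container's request threads; the message does not establish that this is the cause in the poster's application.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalUserDemo {
    static final String ANONYMOUS = "anonymous"; // stands in for User.ANONYMOUS

    // Same shape as the quoted ThreadLocalUser, with String instead of User.
    static final InheritableThreadLocal<String> currentUser = new InheritableThreadLocal<String>() {
        @Override protected String initialValue() { return ANONYMOUS; }
    };

    // Constructed stand-in for the HTTP session store: session id -> user name.
    static final Map<String, String> sessions = new ConcurrentHashMap<>();

    static String login(String sessionId, String name) {
        sessions.put(sessionId, name);
        currentUser.set(name); // bound only to the thread handling this request
        return currentUser.get();
    }

    // Logout as in the message: trusts whatever the current thread holds.
    static String logoutNaive() { return currentUser.get(); }

    // Logout that first re-binds the user from the session for this request.
    static String logoutRebound(String sessionId) {
        currentUser.set(sessions.getOrDefault(sessionId, ANONYMOUS));
        try {
            return currentUser.get();
        } finally {
            sessions.remove(sessionId);
            currentUser.remove(); // do not leak the identity to the next request on this thread
        }
    }

    public static void main(String[] args) throws Exception {
        // Two single-thread executors model two distinct container request threads.
        ExecutorService workerA = Executors.newSingleThreadExecutor();
        ExecutorService workerB = Executors.newSingleThreadExecutor();
        try {
            System.out.println("login on A:          " + workerA.submit(() -> login("s1", "alice")).get());
            System.out.println("naive logout on B:   " + workerB.submit(() -> logoutNaive()).get());
            System.out.println("rebound logout on B: " + workerB.submit(() -> logoutRebound("s1")).get());
        } finally {
            workerA.shutdown();
            workerB.shutdown();
        }
    }
}
```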