[Esapi-dev] DataBase based Authentication using ESAPI

Majji trinada.rao at gmail.com
Wed Sep 11 18:53:26 UTC 2013

Hi Kevin/Chris,

I'm new to ESAPI and was able to implement database-based authentication in my
current project. I'm able to log in successfully, but when I try to log out,
*getCurrentUser()* returns the Anonymous user.

public void logout() {
        User user = getCurrentUser();   // returns the anonymous user here
        if (user != null && !user.isAnonymous()) {
            // ... (rest of the method not shown in the original message)
        }
}

When the user logs in, I call setCurrentUser(), which internally calls the code below:

private final ThreadLocalUser currentUser = new ThreadLocalUser();

    private class ThreadLocalUser extends InheritableThreadLocal<User> {

        public User initialValue() {
            return User.ANONYMOUS;
        }

        public User getUser() {
            return super.get();
        }

        public void setUser(User newUser) {
            super.set(newUser);
        }
    }

Please help.

Thanks and Regards
Trinada R. Majji
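
How a holder shaped like the ThreadLocalUser above behaves when login and logout are served by different pooled threads, as an added example that is not part of the original message or ESAPI's own code. User names as plain strings, the `sessions` map and the method names are assumptions made for the demonstration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalUserDemo {
    // Stand-in for User.ANONYMOUS (constructed for this example).
    static final String ANONYMOUS = "anonymous";

    // Same shape as the ThreadLocalUser quoted in the message.
    static final InheritableThreadLocal<String> currentUser =
        new InheritableThreadLocal<String>() {
            @Override protected String initialValue() { return ANONYMOUS; }
        };

    // Hypothetical server-side session store: session id -> user name.
    static final Map<String, String> sessions = new ConcurrentHashMap<>();

    // "Login" request: binds the user to this worker thread and to the session.
    static String login(String sessionId, String user) {
        currentUser.set(user);
        sessions.put(sessionId, user);
        return Thread.currentThread().getName() + " login  -> " + currentUser.get();
    }

    // "Logout" request that trusts whatever the thread-local holds.
    static String logoutNaive() {
        return Thread.currentThread().getName() + " logout -> " + currentUser.get();
    }

    // "Logout" request that first re-binds the user from the session.
    static String logoutRebound(String sessionId) {
        currentUser.set(sessions.getOrDefault(sessionId, ANONYMOUS));
        try {
            return Thread.currentThread().getName() + " logout -> " + currentUser.get();
        } finally {
            currentUser.remove(); // do not leak the identity to the next request
        }
    }

    public static void main(String[] args) throws Exception {
        // A fixed pool of 2 starts a new worker for each of the first two tasks,
        // so the second request runs on a different thread than the login.
        ExecutorService pool = Executors.newFixedThreadPool(2);
        System.out.println(pool.submit(() -> login("sid-1", "alice")).get());
        System.out.println(pool.submit(() -> logoutNaive()).get());          // anonymous
        System.out.println(pool.submit(() -> logoutRebound("sid-1")).get()); // alice
        pool.shutdown();
    }
}
```

The second line of output shows the thread-local's initial value because that worker thread never had a user set on it; the third shows the user again once the request re-binds it from session state before reading it.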