cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gina Choi <ginacho...@gmail.com>
Subject Re: Logout from Fediz from single web application.
Date Thu, 20 Sep 2012 19:15:28 GMT
Hi Glen,
It has been a while. I hope you are doing well.

<<<
While it may "let user pass through without prompting credentials", the user
still cannot do any meaningful functionality, correct?  I.e., any
updates/new reads/writes, etc.?  The user is just seeing static info from
the time he did have a connect, right?
>>>

When I call http session invalidate (), it only takes care of removing
cookies for my application. It can't remove cookies with STS. So, since
cookies with STS is still alive, user is not prompted any credentials (this
is after user logout, try to logon using same browser) and he/she is
authenticated and create a new session with my application gain. This gives
user impression, he never clicked logout request.
I was thinking of, if we can send a logout request to STS when user logout
from the application. How does Fediz support single log out? I think that I
asked this question before, but don't remember what was the answer.

Thanks.

Gina




--
View this message in context: http://cxf.547215.n5.nabble.com/Logout-from-Fediz-from-single-web-application-tp5713780p5714356.html
Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message