tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Persson" <>
Subject Invalidate the SSLSession?
Date Wed, 04 Jan 2006 14:02:59 GMT

I'm trying to implement a feature that I think is missing, but I'm feeling pretty lost in
the Tomcat sources. When SSL client authentication is used, I would like to be able to logout
the user. I think this means that I need to call invalidate() on the SSLSession (I'm using
the JSSE implementation). But, the SSLSession or SSLSocket is not available for the servlet

Does anyone have some hints on how this could be solved? Should I try to make the SSLSession
available in a request parameter, or should the invalidate method call in some way be placed
inside the server code?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message