tomcat-users mailing list archives

From David Cassidy <dcass...@hotgen.com>
Subject Re: How to logout
Date Wed, 02 Jan 2002 15:35:37 GMT
The remote user is HTTP protocol specific.
It does not use anything in the users session.

If you want to log out a user who has used basic auth you need
to send them a page with a status of not authorised.
The browser will then get the message that the user is
'logged out'

Hope this helps !

Of course basic auth isn't very secure as the user's username/password
gets passed in the clear on every transfer...

D



juha.paananen@datex-ohmeda.com wrote:

> Hi!
>
> I have understood that logging out the current user should be done by
> calling
>
>  session.invalidate()
>
> .. however, this does not seem to work: the session is emptied, but for
> instance request.getRemoteUser() will still return the same user as
> before invalidation..
>
> Is this a Tomcat bug or have I misunderstood something here?
>
> I'm using Tomcat 4.0.1 and HTTP basic authentication without SSL.
>
> Thanks in advance.
>
> -juha-
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

