tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hessing Ingo" <>
Subject AW: How to logout
Date Wed, 02 Jan 2002 14:02:39 GMT

Hi! wrote:
> instance request.getRemoteUser() will still return the same user as
> before invalidation..

Yep, that's normal. You have to make a difference between the implicit
objects "request" (referring to the actual HTTP-request including full
user authentication) and "session".

After authentication over HTTP a dedicated user could initiate _several_
sessions doing different things for him.

If you want to invalidate an user per session you shouldn't use HTTP
authentication but implement an user property in a JavaBean (used with
the scope "session").



To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message