tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hessing Ingo" <I.Hess...@laudert.de>
Subject AW: How to logout
Date Wed, 02 Jan 2002 14:02:39 GMT

Hi!

juha.paananen@datex-ohmeda.com wrote:
> instance request.getRemoteUser() will still return the same user as
> before invalidation..

Yep, that's normal. You have to make a difference between the implicit
objects "request" (referring to the actual HTTP-request including full
user authentication) and "session".

After authentication over HTTP a dedicated user could initiate _several_
sessions doing different things for him.

If you want to invalidate an user per session you shouldn't use HTTP
authentication but implement an user property in a JavaBean (used with
the scope "session").

bestWISHES

Ingo

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message