tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Henson" <g...@ibtswift.com>
Subject RE: Session.invalidate() does not work
Date Tue, 08 Oct 2002 03:45:11 GMT
I have encountered the same problem with form based authentication.

-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org] 
Sent: Tuesday, 8 October 2002 16:39
To: Tomcat Users List
Subject: Re: Session.invalidate() does not work

On Mon, 7 Oct 2002, Alex Imbastari wrote:

> Date: Mon, 07 Oct 2002 19:45:27 +0100
> From: Alex Imbastari <aimbastari@socal.rr.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Session.invalidate() does not work
>
> Hi all
> I am using TOmcat 4.1 with Basic  Authentication with JDBC Realm.  I
log
> off users using session.invalidate() but this doesn't seem to work.
Any
> suggesstions would be appreciated
>

You probably want to use form-based authentication instead.

The reason for this is that use of BASIC authentication causes the
*browser* to keep sending the authentication credentials with every
request, and there doesn't seem to be any portable way of stopping this
short of having the user close down and reopen their browser.

> Thanks
> Alex

Craig


--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message