tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject form-based authentication & session.invalidate
Date Sat, 11 Oct 2003 15:55:04 GMT
I am using session.invalidate() to try to cause the user to receive 
another login request, using CMS form-based authentication.

I saw the same issue in bugzilla but for basic authentication:

where the tomcat developer/bugzilla person resolved the issue saying 
that CMS basic authentication cannot be manipulated in this way since 
the browser sends the login info with every request, requiring the user 
to close the browser before seeing another login request.

Is this the same for form-based authentication?

I thought that in tomcat4 I was getting new login request for the users 
just by invalidating their sessions. Am I deluding myself?


struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message