tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John McPeek <spamb...@bellsouth.net>
Subject Re: FORM based authentication LOGOUT
Date Fri, 03 Nov 2006 11:07:12 GMT
When I call request.getUserPrincipal(); I still get the Principal back 
and I can still call request.isUserInRole( "Foo" ); and get a valid 
response for the currently logged in user.

John

>>From: John McPeek [mailto:spambomb@bellsouth.net] 
>>Subject: FORM based authentication LOGOUT
>>
>>I have tried to invalidate the session and get a new one.
>>No Dice.
>>    
>>
>
>When you say "No Dice", what actually happens?
>
>All the admin app for Tomcat does is the following, which seems to work:
>
>        HttpSession session = request.getSession();
>        session.invalidate();
>        session = request.getSession(true);
>
> - Chuck
>
>
>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>MATERIAL and is thus for use only by the intended recipient. If you
>received this in error, please contact the sender and delete the e-mail
>and its attachments from all computers.
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>  
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message