When I call request.getUserPrincipal(); I still get the Principal back
and I can still call request.isUserInRole( "Foo" ); and get a valid
response for the currently logged in user.
John
>>From: John McPeek [mailto:spambomb@bellsouth.net]
>>Subject: FORM based authentication LOGOUT
>>
>>I have tried to invalidate the session and get a new one.
>>No Dice.
>>
>>
>
>When you say "No Dice", what actually happens?
>
>All the admin app for Tomcat does is the following, which seems to work:
>
> HttpSession session = request.getSession();
> session.invalidate();
> session = request.getSession(true);
>
> - Chuck
>
>
>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>MATERIAL and is thus for use only by the intended recipient. If you
>received this in error, please contact the sender and delete the e-mail
>and its attachments from all computers.
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
|