tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: FORM based authentication LOGOUT
Date Fri, 03 Nov 2006 14:01:35 GMT
John,

> When I call request.getUserPrincipal(); I still get the Principal back
> and I can still call request.isUserInRole( "Foo" ); and get a valid
> response for the currently logged in user.

Are you checking those values during the same request in which you
killed the session? It's possible that the request needs to be recycled
(or a new session created) before getUserPrincipal and isUserInRole will
return different values. Just a thought?

-chris

> 
> John
> 
>>> From: John McPeek [mailto:spambomb@bellsouth.net] Subject: FORM based
>>> authentication LOGOUT
>>>
>>> I have tried to invalidate the session and get a new one.
>>> No Dice.
>>>   
>>
>> When you say "No Dice", what actually happens?
>>
>> All the admin app for Tomcat does is the following, which seems to work:
>>
>>        HttpSession session = request.getSession();
>>        session.invalidate();
>>        session = request.getSession(true);
>>
>> - Chuck
> 
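
Following the suggestion in the reply above, an added example (not code from this thread or from Tomcat's admin app) that invalidates the session on POST and reads getUserPrincipal() only on the next request, after a redirect. The class name, a `/logout` mapping that sits outside any security constraint, and the `javax.servlet` namespace are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; assumed to be mapped to /logout in web.xml,
// outside any <security-constraint> so the follow-up GET is not sent to the login form.
public class LogoutServlet extends HttpServlet {

    // POST ends the session. The principal is deliberately not inspected here,
    // because this request was authenticated before the session was invalidated.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) avoids creating a session only to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Keep the browser from storing this response.
        response.setHeader("Cache-Control", "no-store");
        // Redirect so the check below runs on a new request.
        response.sendRedirect(request.getContextPath() + request.getServletPath());
    }

    // GET arrives as a separate request after the redirect and reports
    // what the container now says about the caller.
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Principal principal = request.getUserPrincipal();
        response.setContentType("text/plain");
        response.setHeader("Cache-Control", "no-store");
        if (principal == null) {
            response.getWriter().println("Logged out: no principal on this request.");
        } else {
            // Logout did not take effect; log it server-side for follow-up.
            log("Principal still present after logout: " + principal.getName());
            response.getWriter().println("Still authenticated as " + principal.getName());
        }
    }
}
```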

