tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Logout mechanism on Digest Authentication
Date Tue, 19 Jan 2010 11:32:48 GMT
vpapado wrote:
> Hello,
> 
> I have a problem in logout mechanism for my web app. For logging in I use
> Digest Authentication. Here is how things go:
> 
...
> 
> Is there a problem in logout mechanism for Digest Authentication? Is logout
> not supported for diggest authentication? How could I manage to logout?
> I use Tomcat6.
> 
In HTTP neither Basic nor Digest authentication provide a "logout" 
mechanism.  That is not an issue specific to Tomcat, it is a generic 
characteristic of the protocol.
The browser "memorises" the authentication entered by the user for a 
combination of host/realm, and will automatically re-submit the needed 
authentication headers whenever the server requests an authentication 
for the same realm, without user intervention.
In other words, the only way to "logout" is to close the browser and 
re-open it.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message