tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chema <>
Subject Realm & SSL : issue when logout
Date Wed, 07 Sep 2011 11:20:54 GMT

I've got a web application running on Tomcat 7.0.16
It uses realm authentication to validate users ( FORM login method
with a custom login page named login.html)
and it's secured by SSL with


So, if I write https://localhost:8080/protected.html, Tomcat redirect
to my login.html page to authenticate the user,
and , if it's valid,  returns main.html.
All fine

The web application has got a service to implement a logout with 2 steps:

- session.invalidate()
- redirect to protected.html

Well, when I invoked last service, I hoped that when redirecting to
protected.html, as I invalidated session before and protected.html is
a protected resource, Tomcat redirected my browser to login.html.
But didn't : protected.html was returned.

If I repeat this steps without SSL configuration , Tomcat does
(redirects my browser to login.html)

What I need to finish a SSL session and realm mechanism knows it ?

Thanks and regards

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message