tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chema <>
Subject Re: Realm & SSL : issue when logout
Date Tue, 27 Sep 2011 06:56:01 GMT
> Why getContext("/app") ??
> HTTP Sessions are local to each web application.
> If "protected.html" belongs to a different web application, it would
> not (and cannot) know that you invalidated session in this webapp.


You're right: protected.html belongs another web application.
But my Tomcat is configurated with Single Sign On and, about docs,

"as soon as the user logs out of one web application (for example, by
invalidating the corresponding session if form based login is used),
the user's sessions in all web applications will be invalidated." Sign On

Anyway,  this problem also occurs with a single and simple web application.
As I told in another thread, this issue was solved, at least, in Tomcat 7.0.21
( My tests were on 7.0.11 )


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message