https://issues.apache.org/bugzilla/show_bug.cgi?id=40775
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Resolution| |WORKSFORME --- Comment #6 from Mark Thomas <ma...@apache.org> 2009-07-16 16:23:33 PST --- Sorry it has taken so long to get back to this. For the original issue, setting requireReauthentication="true" on the valve should give consistent behaviour. You won't be logged in to app 2 (and getRemoteUser() etc will return null) until you access a protected resource. At that point a logout in app2 will logout app 1. This also addresses Peter's concerns in comment #4. For the issue described in comment #5, the SSO valve is working as designed. One session timing out only invalidates that session. Associated SSO sessions are not affected. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org