John,
> When I call request.getUserPrincipal(); I still get the Principal back
> and I can still call request.isUserInRole( "Foo" ); and get a valid
> response for the currently logged in user.
Are you checking those values during the same request in which you
killed the session? It's possible th
When I call request.getUserPrincipal(); I still get the Principal back
and I can still call request.isUserInRole( "Foo" ); and get a valid
response for the currently logged in user.
John
From: John McPeek [mailto:[EMAIL PROTECTED]
Subject: FORM based authentication LOGOUT
I have tried to in
> From: John McPeek [mailto:[EMAIL PROTECTED]
> Subject: FORM based authentication LOGOUT
>
> I have tried to invalidate the session and get a new one.
> No Dice.
When you say "No Dice", what actually happens?
All the admin app for Tomcat does is the following, which seems to work:
Htt
