Servlet API 2.2 specifies that getRemoteUser, isUserInRole, and
getUserPrincipal are methods of *HttpServletRequest* interface. A servlet
designer can try to use these metods when there is no HttpSession object
created, so it would be incorrect to assume that invalidating non-existing
session will help to initiate a logout for a specific user.
Victor
----- Original Message -----
From: "Alex Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 28, 2000 10:47 PM
Subject: Re: How to logout in case of lazy login
> Invalidating the session and redirecting to the login page will do it.
>
> Alex
>
>
> ----Original Message Follows----
> From: Victor Miksonov <[EMAIL PROTECTED]>
> Subject: How to logout in case of lazy login
> Date: Thu, 27 Jan 2000 13:03:49 -0800
>
> If I decide to use the declarative security then how can I do an explicit
> logout in this case? I cannot find a method in the Servlet API that helps
me
> to do it.
>
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
