On Thu, 21 Jun 2001, Jon.Ridgway wrote:

> Hi All,
>  
> This isn't a Struts-specific question, but someone may have an answer...
>  
> I'm using form-based auth in my Struts-based app and I need an option to log
> the user out. Right now my LogoutAction perform method calls
> request.getSession(false).invalidate(). The problem is that the container (in
> this specific case Tomcat 3.2.1) doesn't recognize that the user has been
> logged out, as no attempt is made to re-auth them. Is there a standard Java
> way to log a user out and force a container to re-auth?
>  

Make sure that you invalidate the session *before* the response has been
committed.  Otherwise, the cookie deletion (which is necessary to
implement the session invalidation) is ignored, because the HTTP headers
will have already been sent.

> Jon.
> 

Craig
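
An added example, not part of the original thread and not Struts or Tomcat code: a plain servlet logout handler that follows the ordering described in the reply above, invalidating the session before anything commits the response. The class name `LogoutServlet` and the redirect target `/index.jsp` are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {

    // Hypothetical landing page shown after logout.
    private static final String AFTER_LOGOUT = "/index.jsp";

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Once the response is committed the headers are already on the wire,
        // so the container can no longer expire the session cookie. Fail
        // loudly instead of leaving the user apparently still logged in.
        if (response.isCommitted()) {
            throw new ServletException(
                "Logout reached after the response was committed; "
                + "move the invalidation before any output is written");
        }

        // getSession(false) returns null when there is no session;
        // never create one just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            try {
                session.invalidate();
            } catch (IllegalStateException alreadyInvalidated) {
                // The session was invalidated earlier in this request.
            }
        }

        // Redirect only after invalidation. The redirect commits the
        // response, so nothing session-related may follow it.
        response.sendRedirect(request.getContextPath() + AFTER_LOGOUT);
    }
}
```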

