Hi,

I have been researching the archives trying to resolve an issue.
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg10294.html
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg14538.html

These threads describe my situation pretty closely (although not exactly) 
and the solutions provided have not worked for me.

I will describe the problem here again and hope that someone out there may 
be able to offer advice.

I am attempting to implement a Logout action which will log out the user and 
forward them back to the main page of the application.  The main page action 
itself is secure and should prompt for authentication before allowing the 
page to be viewed.
In the logout action:
a) invalidate the session
b) forward to the application’s main page (redirect=true)

Now, normally if I just log into this application (let’s call it Application 
A), do stuff, and then log out, the logout is successful and the login page 
appears as expected.

Now, here’s the twist.  If I log into another application (let’s call it 
Application B) and just change the url (without logging out) to point to 
Application A, log in and then try to log out of Application A, then it does 
not log out.  It behaves as though the user was still authenticated.  If I 
log out of Application B before changing the url to point to Application A 
then I am able to log out successfully.

Let's review the scenarios.

Scenario A
- bring up new browser window
- log into ‘Application A’
- do stuff in ‘Application A’
- log out
- result:  logs out properly.

Scenario B
- bring up new browser window
- log into ‘Application B’
- change url, without logging out of ‘Application B’, to ‘Application A’
- log into ‘Application A’
- do stuff in ‘Application A’
- log out of ‘Application A’
- result:  does not log out properly, it should prompt for authentication 
before showing main page, but does not.

Scenario C
- bring up new browser window
- log into ‘Application B’
- log out of ‘Application B’
- change url to ‘Application A’
- log into ‘Application A’
- do stuff (i.e. go to add page)
- log out of ‘Application A’
- result:  logs out properly.


I guess if the users were properly disciplined to log out of their 
application before moving on to another application then this would never be 
a problem…but… the world is not so perfect.

Any ideas?  Has anyone encountered this before?

I am running WebLogic 5.1 sp10 using Struts 1.0 release.


Thanks,
Michelle

