All: I received several replies to my original question, all of which indicated that, in order to do a forceful logout, I needed to use FORM-based CMA rather than BASIC. One of the replies recommended an article on the topic, which I downloaded and read.
I implemented FORM-based authentication, making the changes to my web.xml, indicating the login form and error page, etc. The container (Tomcat 4.0) seems to know that I want FORM-based authentication, since it pops up my login page. I did, by the way, include the fields j_username and j_password, and my form action is j_security_check, as per the instructions. However, when I press the submit button, my browser gives me a 404 not-found error on the (nonexistent, of course) page j_security_check. I've checked the Apache and Tomcat logs, and one of the Tomcat logs tells me that it has "Configured an authenticator for method FORM", but it still seems to be looking for a page by that name rather than invoking the method. Anyone have any ideas? Charles McClain Phone: 603.659.2046 email: [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>