DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12147>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12147 session logout() method does not invalidate the session [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From [EMAIL PROTECTED] 2002-09-05 13:08 ------- Hi. "Basic Authentication" works by challening the browswer when a protected resource is requested. Thereafter, the browser supplies the username/password/domain with every subsequent request. Esentially the browser logs in everytime a request is made. Therefore, the logout() method cannot cause the user to get a "login dialog." When using "Basic Authentication", calling logout() clears the user's session. If using SingleSignOn, then all the users sessions are cleared. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>