Thanks Keith,
I figured out what I did wrong. It turns out that my logout servlet was running in a separate Web application that is not part of the SSO Realm. Of course, session.invalidate() does nothing to the SSO session! Thanks a lot for your help!
Thanks a lot, -- Rick
Keith Bottner wrote:
request.getSession().invalidate();
You may also want to invalidate any cookies you have set, but that is specific to your needs.
Cookie cookies[] = request.getCookies(); Cookie cookie = null; for (int i = 0; i < cookies.length; i++) { cookie = cookies[i]; cookie.setMaxAge(0); response.addCookie(cookie); }
Keith
-----Original Message-----
From: Rick Wong [mailto:[EMAIL PROTECTED] Sent: Friday, August 27, 2004 5:14 PM
To: Tomcat Users List
Subject: How do I logout application(s) with Single-sign-on?
Hi,
I am using Tomcat 5.0. I enabled SSO to several application. I'd like to be about to logout from any application, and force subsequent access to any application to logout as well. How would I do that?
Thanks, -- Rick
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]