I have encountered the same problem with form based authentication. -----Original Message----- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 8 October 2002 16:39 To: Tomcat Users List Subject: Re: Session.invalidate() does not work
On Mon, 7 Oct 2002, Alex Imbastari wrote: > Date: Mon, 07 Oct 2002 19:45:27 +0100 > From: Alex Imbastari <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Session.invalidate() does not work > > Hi all > I am using TOmcat 4.1 with Basic Authentication with JDBC Realm. I log > off users using session.invalidate() but this doesn't seem to work. Any > suggesstions would be appreciated > You probably want to use form-based authentication instead. The reason for this is that use of BASIC authentication causes the *browser* to keep sending the authentication credentials with every request, and there doesn't seem to be any portable way of stopping this short of having the user close down and reopen their browser. > Thanks > Alex Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>