On Tue, 8 Oct 2002, Gary Henson wrote:

> Date: Tue, 8 Oct 2002 16:45:11 +1300
> From: Gary Henson <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> Subject: RE: Session.invalidate() does not work
>
> I have encountered the same problem with form based authentication.
>

I haven't.  Case study example -- the admin webapp in Tomcat 4.1 uses this
approach, and it really does log you off when the session is invalidated
(or times out).

Craig

> -----Original Message-----
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 8 October 2002 16:39
> To: Tomcat Users List
> Subject: Re: Session.invalidate() does not work
>
> On Mon, 7 Oct 2002, Alex Imbastari wrote:
>
> > Date: Mon, 07 Oct 2002 19:45:27 +0100
> > From: Alex Imbastari <[EMAIL PROTECTED]>
> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Session.invalidate() does not work
> >
> > Hi all
> > I am using Tomcat 4.1 with Basic Authentication with JDBC Realm.  I log
> > off users using session.invalidate() but this doesn't seem to work.  Any
> > suggestions would be appreciated
> >
>
> You probably want to use form-based authentication instead.
>
> The reason for this is that use of BASIC authentication causes the
> *browser* to keep sending the authentication credentials with every
> request, and there doesn't seem to be any portable way of stopping this
> short of having the user close down and reopen their browser.
>
> > Thanks
> > Alex
>
> Craig
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
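The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tomcat code: a simplified Python model of why invalidating the session logs a FORM user off but not a BASIC user, whose browser keeps resending the Authorization header. The `Container` class, `logout_then_reload`, the account and the session ids are all hypothetical, constructed for illustration.

```python
import base64

# Constructed sample account; stands in for the JDBC realm lookup.
USERS = {"alex": "s3cret"}

class Container:
    """Toy model of a servlet container's authenticator (not Tomcat code)."""

    def __init__(self, auth_method):
        self.auth_method = auth_method      # "BASIC" or "FORM"
        self.sessions = {}                  # session id -> authenticated user
        self._next_id = 0

    def _new_session(self, user):
        self._next_id += 1
        sid = f"S{self._next_id}"
        self.sessions[sid] = user
        return sid

    def form_login(self, user, password):
        # FORM: credentials are checked once; only the session remembers them.
        return self._new_session(user) if USERS.get(user) == password else None

    def request(self, sid=None, authorization=None):
        """Return (status, user, session id) for one request to a protected page."""
        if sid in self.sessions:
            return 200, self.sessions[sid], sid
        if self.auth_method == "BASIC" and authorization:
            scheme, _, token = authorization.partition(" ")
            user, _, password = base64.b64decode(token).decode().partition(":")
            if scheme == "Basic" and USERS.get(user) == password:
                # The header alone re-authenticates and starts a fresh session.
                return 200, user, self._new_session(user)
        return (401 if self.auth_method == "BASIC" else 302), None, None

    def invalidate(self, sid):
        self.sessions.pop(sid, None)        # what session.invalidate() removes

def logout_then_reload(auth_method):
    """Log in, invalidate the session, then replay what the browser sends next."""
    c = Container(auth_method)
    if auth_method == "BASIC":
        # Browsers cache this header and attach it to every later request.
        header = "Basic " + base64.b64encode(b"alex:s3cret").decode()
        _, _, sid = c.request(authorization=header)
    else:
        header, sid = None, c.form_login("alex", "s3cret")
    c.invalidate(sid)
    return c.request(sid=sid, authorization=header)
```

In the model, the BASIC client is silently given a new session on the next request, while the FORM client is redirected to log in again.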

