What is the best way to go about invalidating a session? Do I just go through the HttpSession object nulling everything or do I null objects in the java.security.Principal object?
Thanks! -- Sloan ----- Original Message ----- From: "Filip Hanik" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, February 13, 2003 5:38 PM Subject: RE: Login problems (still) for logout, you can simple invalidate your session. if you need to keep the session around after invalidating it, just create a new one and populate data to it Filip -----Original Message----- From: Sloan Seaman [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 13, 2003 2:40 PM To: Tomcat Users List Subject: Login problems (still) Ok, so I kind of have login authentication working to where I want it to work. But here is the next question? How do they logout/login again? What I did was have an index.jsp page have a link to a location within a security-context. So if they click on it it asks them to login and then forwards them to the proper place. Works great. Now, say I go back to the main index.jsp page and I want to login a someone else. Since I have already logged in as one person I clear the security check and go right to the page instead of getting the login page. If I have a link directly to the login page I start getting the invalid direct reference error. Should I just write a loginAction in struts and be done with it? If so, how can I get to the realm information? Thanks! -- Sloan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]