When I call request.getUserPrincipal(); I still get the Principal back
and I can still call request.isUserInRole( "Foo" ); and get a valid
response for the currently logged in user.
John
From: John McPeek [mailto:[EMAIL PROTECTED]
Subject: FORM based authentication LOGOUT
I have tried to invalidate the session and get a new one.
No Dice.
When you say "No Dice", what actually happens?
All the admin app for Tomcat does is the following, which seems to work:
HttpSession session = request.getSession();
session.invalidate();
session = request.getSession(true);
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]