Hi All =)
This is my first message here, sorry for the poor english.
I'm using Tomcat JDBCRealm to authentication and authorization in my app.
Login works fine, and when the user press the logout button(calls the
session.invalidate()), he cannot login again.
When the user tries to login, the application is redirected to the page
which is configured in <form-error-page> in the web.xml. It is like the user
entered the wrong password.
This is my problem.
The user makes the login and then the logout. After this, the user only can
login again if the Tomcat is restarted.
It is like tomcat is holding the login.
I'm using Tomcat 6.
My configurations:
logout.jsp
<%
session.invalidate();
response.sendRedirect("/WebDesktop");
%>
web.xml
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/pages/login.faces</form-login-page>
<form-error-page>/pages/error.faces</form-error-page>
</form-login-config>
</login-config>
Any idea ?
--
André SIlva
