Hi André
I'm using Tomcat JDBCRealm to authentication and authorization in my
app.
Login works fine, and when the user press the logout button(calls the
session.invalidate()), he cannot login again.
You could try adding:
session.removeAttribute("User");
before you invalidate the session.
When the user tries to login, the application is redirected to the
page
which is configured in <form-error-page> in the web.xml. It is like
the user
entered the wrong password.
When you say "user can only login" .... do you mean tomcat gives them
the option to enter their user/pass and it's denied?
Tom
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]