-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 1/19/2010 6:32 AM, André Warnier wrote: > vpapado wrote: >> Hello, >> >> I have a problem in logout mechanism for my web app. For logging in I use >> Digest Authentication. Here is how things go: >> > ... >> >> Is there a problem in logout mechanism for Digest Authentication? Is >> logout >> not supported for diggest authentication? How could I manage to logout? >> I use Tomcat6. >> > In HTTP neither Basic nor Digest authentication provide a "logout" > mechanism. That is not an issue specific to Tomcat, it is a generic > characteristic of the protocol. > The browser "memorises" the authentication entered by the user for a > combination of host/realm, and will automatically re-submit the needed > authentication headers whenever the server requests an authentication > for the same realm, without user intervention. > In other words, the only way to "logout" is to close the browser and > re-open it. Not necessarily. In your webapp, if you send another WWW-Authenticate header to the browser, it will generally "forget" the credentials it had been using. There is no guarantee of this, however it usually works. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktVxpwACgkQ9CaO5/Lv0PD79QCbB45BStGoG1RtKj5CZrVgJAJB 70YAnR14UytcEr2wXwbi7hQAuEOD5m50 =NSux -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org