Hello:

I've got a web application running on Tomcat 7.0.16. It uses realm authentication to validate users (FORM login method with a custom login page named login.html) and it's secured by SSL with

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>ssl</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

So, if I enter https://localhost:8080/protected.html, Tomcat redirects to my login.html page to authenticate the user and, if it's valid, returns main.html. All fine.

The web application has a service that implements a logout in 2 steps:

- session.invalidate()
- redirect to protected.html

Well, when I invoked this last service, I expected that on the redirect to protected.html, since I had invalidated the session before and protected.html is a protected resource, Tomcat would redirect my browser to login.html. But it didn't: protected.html was returned.

If I repeat these steps without the SSL configuration, Tomcat does redirect my browser to login.html.

What do I need to do to finish an SSL session so that the realm mechanism knows about it?

Thanks and regards