Hello:
I've got a web application running on Tomcat 7.0.16
It uses realm authentication to validate users ( FORM login method
with a custom login page named login.html)
and it's secured by SSL with
<security-constraint>
<web-resource-collection>
<web-resource-name>ssl</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
So, if I write https://localhost:8080/protected.html, Tomcat redirect
to my login.html page to authenticate the user,
and , if it's valid, returns main.html.
All fine
The web application has got a service to implement a logout with 2 steps:
- session.invalidate()
- redirect to protected.html
Well, when I invoked last service, I hoped that when redirecting to
protected.html, as I invalidated session before and protected.html is
a protected resource, Tomcat redirected my browser to login.html.
But didn't : protected.html was returned.
If I repeat this steps without SSL configuration , Tomcat does
(redirects my browser to login.html)
What I need to finish a SSL session and realm mechanism knows it ?
Thanks and regards
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
