On 07/09/2011 12:20, Chema wrote: > Hello: > > I've got a web application running on Tomcat 7.0.16 > It uses realm authentication to validate users ( FORM login method > with a custom login page named login.html) > and it's secured by SSL with > > <security-constraint> > <web-resource-collection> > <web-resource-name>ssl</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > So, if I write https://localhost:8080/protected.html, Tomcat redirect > to my login.html page to authenticate the user, > and , if it's valid, returns main.html. > All fine > > > The web application has got a service to implement a logout with 2 steps: > > - session.invalidate() > - redirect to protected.html > > > Well, when I invoked last service, I hoped that when redirecting to > protected.html, as I invalidated session before and protected.html is > a protected resource, Tomcat redirected my browser to login.html. > But didn't : protected.html was returned. > > If I repeat this steps without SSL configuration , Tomcat does > (redirects my browser to login.html) > > > What I need to finish a SSL session and realm mechanism knows it ?
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Using_the_SSL_for_session_tracking_in_your_application Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org