> Why getContext("/app") ??
>
> HTTP Sessions are local to each web application.
>
> If "protected.html" belongs to a different web application, it would
> not (and cannot) know that you invalidated session in this webapp.Hi You're right: protected.html belongs another web application. But my Tomcat is configurated with Single Sign On and, about docs, "as soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated." http://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Single Sign On Anyway, this problem also occurs with a single and simple web application. As I told in another thread, this issue was solved, at least, in Tomcat 7.0.21 ( My tests were on 7.0.11 ) Regards --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
