Hmmm, By Session I assume you mean HttpSession. I have below code in the doPost of the Login click.
HttpSession session = req.getSession(); session.invalidate(); And then I am redirecting to Login page. Next when I try to login in the same browser session, it shows an error (error code 408) page saying.. ============================================================================================ HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser ------------------------------ *type* Status report *message* *The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser* *description* *The client did not produce a request within the time that the server was prepared to wait (The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser).* ------------------------------ Apache Tomcat/7.0.27 =========================================================================================== Ideally I should be able to login once I click on the logout in the same browser session. I am also able to go back to the page by clicking on the back button of the browser twice as suggested by the error message. Although on opening a new browser session it is logging in correctly. I also put some log in the LoginModule.logout() and found that logout() is not getting callled at all.. On Tue, Jun 19, 2012 at 1:13 PM, Casper Wandahl Schmidt < kalle.pri...@gmail.com> wrote: > > Den 19-06-2012 08:41, javed Ansari skrev: > > Hi, >> >> But how to call the logout on my LoginModule? That is my actual question. >> I >> do not have a LoginModule object with me. LoginModule is called by tomcat >> himself when we use Form Based Authentication. >> > Read what EJP said again. When you call Session.invalidate() or > HttpServletRequest.logout() it should call logout on LoginModule for you! > > Med venlig hilsen/Kind regards > Casper W. Schmidt > > > >> ==============================**==============================**= >> Javed >> >> Just call Session.invalidate() or HttpServletRequest.logout(). The >> JAASRealm >> will do the rest, and call logout() on your LoginModule. Note that you >> can't >> assume it is the same instance of your login module, that's what all the >> shared state is for. >> >> EJP >> >> > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > >
