You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Kar YEOW <ka...@apir.com.au> on 2001/10/22 05:39:37 UTC

How do you invalidate a single sign on session?

Anyone?  TIA.
Kar

Re: How do you invalidate a single sign on session?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

To invalidate the single sign on session, simply invalidate one of the
underlying logins.  In practical terms, that means using form-based login
(which is based on standard sessions) and just invalidating the session.

Due to limitations in HTTP, there is no way for the server to invalidate a
BASIC or DIGEST mode login.

Craig

On Mon, 22 Oct 2001, Kar YEOW wrote:

> Date: Mon, 22 Oct 2001 13:39:37 +1000
> From: Kar YEOW <ka...@apir.com.au>
> Reply-To: tomcat-user@jakarta.apache.org, Kar YEOW <ka...@apir.com.au>
> To: tomcat-user@jakarta.apache.org
> Subject: How do you invalidate a single sign on session?
>
> Anyone?  TIA.
> Kar
>
>