You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kar YEOW <ka...@apir.com.au> on 2001/10/22 05:39:37 UTC
How do you invalidate a single sign on session?
Anyone? TIA.
Kar
Re: How do you invalidate a single sign on session?
Posted by "Craig R. McClanahan" <cr...@apache.org>.
To invalidate the single sign on session, simply invalidate one of the
underlying logins. In practical terms, that means using form-based login
(which is based on standard sessions) and just invalidating the session.
Due to limitations in HTTP, there is no way for the server to invalidate a
BASIC or DIGEST mode login.
Craig
On Mon, 22 Oct 2001, Kar YEOW wrote:
> Date: Mon, 22 Oct 2001 13:39:37 +1000
> From: Kar YEOW <ka...@apir.com.au>
> Reply-To: tomcat-user@jakarta.apache.org, Kar YEOW <ka...@apir.com.au>
> To: tomcat-user@jakarta.apache.org
> Subject: How do you invalidate a single sign on session?
>
> Anyone? TIA.
> Kar
>
>