You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Alex Imbastari <ai...@socal.rr.com> on 2002/10/07 20:45:27 UTC

Session.invalidate() does not work

Hi all
I am using TOmcat 4.1 with Basic  Authentication with JDBC Realm.  I log 
off users using session.invalidate() but this doesn't seem to work.  Any 
suggesstions would be appreciated

Thanks
Alex



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Session.invalidate() does not work

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Mon, 7 Oct 2002, Alex Imbastari wrote:

> Date: Mon, 07 Oct 2002 19:45:27 +0100
> From: Alex Imbastari <ai...@socal.rr.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Session.invalidate() does not work
>
> Hi all
> I am using TOmcat 4.1 with Basic  Authentication with JDBC Realm.  I log
> off users using session.invalidate() but this doesn't seem to work.  Any
> suggesstions would be appreciated
>

You probably want to use form-based authentication instead.

The reason for this is that use of BASIC authentication causes the
*browser* to keep sending the authentication credentials with every
request, and there doesn't seem to be any portable way of stopping this
short of having the user close down and reopen their browser.

> Thanks
> Alex

Craig

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>