You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Alex Imbastari <ai...@socal.rr.com> on 2002/10/07 20:45:27 UTC
Session.invalidate() does not work
Hi all
I am using TOmcat 4.1 with Basic Authentication with JDBC Realm. I log
off users using session.invalidate() but this doesn't seem to work. Any
suggesstions would be appreciated
Thanks
Alex
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Session.invalidate() does not work
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Mon, 7 Oct 2002, Alex Imbastari wrote:
> Date: Mon, 07 Oct 2002 19:45:27 +0100
> From: Alex Imbastari <ai...@socal.rr.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Session.invalidate() does not work
>
> Hi all
> I am using TOmcat 4.1 with Basic Authentication with JDBC Realm. I log
> off users using session.invalidate() but this doesn't seem to work. Any
> suggesstions would be appreciated
>
You probably want to use form-based authentication instead.
The reason for this is that use of BASIC authentication causes the
*browser* to keep sending the authentication credentials with every
request, and there doesn't seem to be any portable way of stopping this
short of having the user close down and reopen their browser.
> Thanks
> Alex
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>