You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Werner van Mook <we...@connecties.com> on 2003/05/15 16:28:28 UTC
logout and login again
Hi,
I'm new to this list so forgive me if this questions has been asked
before.
(although I couldn't find it in the archives).
I have a web app for which a user has to log in with a name and
password.
I give the users a way to logout by invalidating the current session.
Now it should be possible to go back to the page where you have to log
in and ask for the name and password.
This will not work for me. My browser does not show a login window.
It only shows it when I restart my browser.
I use basic authentication with the standard tomcat memory realm.
I hope I'm clear in my story.
Can anybody point me in the right direction.
Werner
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: logout and login again
Posted by "G. Wade Johnson" <wa...@abbnm.com>.
That would remove the issue of the browser "helping" you. If I
understand your problem correctly, it should solve the problem.
G. Wade
Werner van Mook wrote:
>
> Does this mean that using something else (e.g. FORM) will solve my
> problem?
>
> Werner
>
> On Thursday, May 15, 2003, at 04:46 PM, G. Wade Johnson wrote:
>
> > One surprise with the BASIC authentication is that the browser retains
> > the userid and password you enter until it is restarted.
> >
> > When you invalidate the session, your server will rerequest the basic
> > authentication from the browser. The browser finds that it already has
> > a userid and password for this server/realm combination and sends it
> > without bothering the end user.
> >
> > G. Wade
> >
> > Werner van Mook wrote:
> >>
> >> Hi,
> >>
> >> I'm new to this list so forgive me if this questions has been asked
> >> before.
> >> (although I couldn't find it in the archives).
> >>
> >> I have a web app for which a user has to log in with a name and
> >> password.
> >> I give the users a way to logout by invalidating the current session.
> >>
> >> Now it should be possible to go back to the page where you have to log
> >> in and ask for the name and password.
> >>
> >> This will not work for me. My browser does not show a login window.
> >> It only shows it when I restart my browser.
> >>
> >> I use basic authentication with the standard tomcat memory realm.
> >>
> >> I hope I'm clear in my story.
> >>
> >> Can anybody point me in the right direction.
> >>
> >> Werner
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: logout and login again
Posted by Werner van Mook <we...@connecties.com>.
Does this mean that using something else (e.g. FORM) will solve my
problem?
Werner
On Thursday, May 15, 2003, at 04:46 PM, G. Wade Johnson wrote:
> One surprise with the BASIC authentication is that the browser retains
> the userid and password you enter until it is restarted.
>
> When you invalidate the session, your server will rerequest the basic
> authentication from the browser. The browser finds that it already has
> a userid and password for this server/realm combination and sends it
> without bothering the end user.
>
> G. Wade
>
> Werner van Mook wrote:
>>
>> Hi,
>>
>> I'm new to this list so forgive me if this questions has been asked
>> before.
>> (although I couldn't find it in the archives).
>>
>> I have a web app for which a user has to log in with a name and
>> password.
>> I give the users a way to logout by invalidating the current session.
>>
>> Now it should be possible to go back to the page where you have to log
>> in and ask for the name and password.
>>
>> This will not work for me. My browser does not show a login window.
>> It only shows it when I restart my browser.
>>
>> I use basic authentication with the standard tomcat memory realm.
>>
>> I hope I'm clear in my story.
>>
>> Can anybody point me in the right direction.
>>
>> Werner
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: logout and login again
Posted by "G. Wade Johnson" <wa...@abbnm.com>.
One surprise with the BASIC authentication is that the browser retains
the userid and password you enter until it is restarted.
When you invalidate the session, your server will rerequest the basic
authentication from the browser. The browser finds that it already has
a userid and password for this server/realm combination and sends it
without bothering the end user.
G. Wade
Werner van Mook wrote:
>
> Hi,
>
> I'm new to this list so forgive me if this questions has been asked
> before.
> (although I couldn't find it in the archives).
>
> I have a web app for which a user has to log in with a name and
> password.
> I give the users a way to logout by invalidating the current session.
>
> Now it should be possible to go back to the page where you have to log
> in and ask for the name and password.
>
> This will not work for me. My browser does not show a login window.
> It only shows it when I restart my browser.
>
> I use basic authentication with the standard tomcat memory realm.
>
> I hope I'm clear in my story.
>
> Can anybody point me in the right direction.
>
> Werner
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: logout and login again
Posted by Werner van Mook <we...@connecties.com>.
I just do
HttpSession mySession = req.getSession();
mySession.invalidate();
Werner
On Thursday, May 15, 2003, at 04:38 PM, John Turner wrote:
>
> How do you invalidate the user's session?
>
> John
>
> On Thu, 15 May 2003 16:28:28 +0200, Werner van Mook
> <we...@connecties.com> wrote:
>
>> Hi,
>>
>> I'm new to this list so forgive me if this questions has been asked
>> before.
>> (although I couldn't find it in the archives).
>>
>> I have a web app for which a user has to log in with a name and
>> password.
>> I give the users a way to logout by invalidating the current session.
>>
>> Now it should be possible to go back to the page where you have to
>> log in and ask for the name and password.
>>
>> This will not work for me. My browser does not show a login window.
>> It only shows it when I restart my browser.
>>
>> I use basic authentication with the standard tomcat memory realm.
>>
>> I hope I'm clear in my story.
>>
>> Can anybody point me in the right direction.
>>
>> Werner
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> --
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: logout and login again
Posted by John Turner <to...@johnturner.com>.
How do you invalidate the user's session?
John
On Thu, 15 May 2003 16:28:28 +0200, Werner van Mook <we...@connecties.com>
wrote:
> Hi,
>
> I'm new to this list so forgive me if this questions has been asked
> before.
> (although I couldn't find it in the archives).
>
> I have a web app for which a user has to log in with a name and password.
> I give the users a way to logout by invalidating the current session.
>
> Now it should be possible to go back to the page where you have to log in
> and ask for the name and password.
>
> This will not work for me. My browser does not show a login window.
> It only shows it when I restart my browser.
>
> I use basic authentication with the standard tomcat memory realm.
>
> I hope I'm clear in my story.
>
> Can anybody point me in the right direction.
>
> Werner
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org