logout and login again

[Werner van Mook <we...@connecties.com>]

Hi,

I'm new to this list so forgive me if this questions has been asked 
before.
(although I couldn't find it in the archives).

I have a web app for which a user has to log in with a name and 
password.
I give the users a way to logout by invalidating the current session.

Now it should be possible to go back to the page where you have to log 
in and ask for the name and password.

This will not work for me. My browser does not show a login window.
It only shows it when I restart my browser.

I use basic authentication with the standard tomcat memory realm.

I hope I'm clear in my story.

Can anybody point me in the right direction.

Werner


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: logout and login again

["G. Wade Johnson" <wa...@abbnm.com>]

That would remove the issue of the browser "helping" you. If I
understand  your problem correctly, it should solve the problem.

G. Wade

Werner van Mook wrote:
> 
> Does this mean that using something else (e.g. FORM) will solve my
> problem?
> 
> Werner
> 
> On Thursday, May 15, 2003, at 04:46 PM, G. Wade Johnson wrote:
> 
> > One surprise with the BASIC authentication is that the browser retains
> > the userid and password you enter until it is restarted.
> >
> > When you invalidate the session, your server will rerequest the basic
> > authentication from the browser. The browser finds that it already has
> > a userid and password for this server/realm combination and sends it
> > without bothering the end user.
> >
> > G. Wade
> >
> > Werner van Mook wrote:
> >>
> >> Hi,
> >>
> >> I'm new to this list so forgive me if this questions has been asked
> >> before.
> >> (although I couldn't find it in the archives).
> >>
> >> I have a web app for which a user has to log in with a name and
> >> password.
> >> I give the users a way to logout by invalidating the current session.
> >>
> >> Now it should be possible to go back to the page where you have to log
> >> in and ask for the name and password.
> >>
> >> This will not work for me. My browser does not show a login window.
> >> It only shows it when I restart my browser.
> >>
> >> I use basic authentication with the standard tomcat memory realm.
> >>
> >> I hope I'm clear in my story.
> >>
> >> Can anybody point me in the right direction.
> >>
> >> Werner
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: logout and login again

[Werner van Mook <we...@connecties.com>]

Does this mean that using something else (e.g. FORM) will solve my 
problem?

Werner

On Thursday, May 15, 2003, at 04:46 PM, G. Wade Johnson wrote:

> One surprise with the BASIC authentication is that the browser retains
> the userid and password you enter until it is restarted.
>
> When you invalidate the session, your server will rerequest the basic
> authentication from the browser. The browser finds that it already has
> a userid and password for this server/realm combination and sends it
> without bothering the end user.
>
> G. Wade
>
> Werner van Mook wrote:
>>
>> Hi,
>>
>> I'm new to this list so forgive me if this questions has been asked
>> before.
>> (although I couldn't find it in the archives).
>>
>> I have a web app for which a user has to log in with a name and
>> password.
>> I give the users a way to logout by invalidating the current session.
>>
>> Now it should be possible to go back to the page where you have to log
>> in and ask for the name and password.
>>
>> This will not work for me. My browser does not show a login window.
>> It only shows it when I restart my browser.
>>
>> I use basic authentication with the standard tomcat memory realm.
>>
>> I hope I'm clear in my story.
>>
>> Can anybody point me in the right direction.
>>
>> Werner
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: logout and login again

["G. Wade Johnson" <wa...@abbnm.com>]

One surprise with the BASIC authentication is that the browser retains
the userid and password you enter until it is restarted.

When you invalidate the session, your server will rerequest the basic
authentication from the browser. The browser finds that it already has
a userid and password for this server/realm combination and sends it
without bothering the end user.

G. Wade

Werner van Mook wrote:
> 
> Hi,
> 
> I'm new to this list so forgive me if this questions has been asked
> before.
> (although I couldn't find it in the archives).
> 
> I have a web app for which a user has to log in with a name and
> password.
> I give the users a way to logout by invalidating the current session.
> 
> Now it should be possible to go back to the page where you have to log
> in and ask for the name and password.
> 
> This will not work for me. My browser does not show a login window.
> It only shows it when I restart my browser.
> 
> I use basic authentication with the standard tomcat memory realm.
> 
> I hope I'm clear in my story.
> 
> Can anybody point me in the right direction.
> 
> Werner
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: logout and login again

[Werner van Mook <we...@connecties.com>]

I  just do

HttpSession mySession = req.getSession();
mySession.invalidate();

Werner

On Thursday, May 15, 2003, at 04:38 PM, John Turner wrote:

>
> How do you invalidate the user's session?
>
> John
>
> On Thu, 15 May 2003 16:28:28 +0200, Werner van Mook 
> <we...@connecties.com> wrote:
>
>> Hi,
>>
>> I'm new to this list so forgive me if this questions has been asked 
>> before.
>> (although I couldn't find it in the archives).
>>
>> I have a web app for which a user has to log in with a name and 
>> password.
>> I give the users a way to logout by invalidating the current session.
>>
>> Now it should be possible to go back to the page where you have to 
>> log in and ask for the name and password.
>>
>> This will not work for me. My browser does not show a login window.
>> It only shows it when I restart my browser.
>>
>> I use basic authentication with the standard tomcat memory realm.
>>
>> I hope I'm clear in my story.
>>
>> Can anybody point me in the right direction.
>>
>> Werner
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> -- 
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: logout and login again

[John Turner <to...@johnturner.com>]

How do you invalidate the user's session?

John

On Thu, 15 May 2003 16:28:28 +0200, Werner van Mook <we...@connecties.com> 
wrote:

> Hi,
>
> I'm new to this list so forgive me if this questions has been asked 
> before.
> (although I couldn't find it in the archives).
>
> I have a web app for which a user has to log in with a name and password.
> I give the users a way to logout by invalidating the current session.
>
> Now it should be possible to go back to the page where you have to log in 
> and ask for the name and password.
>
> This will not work for me. My browser does not show a login window.
> It only shows it when I restart my browser.
>
> I use basic authentication with the standard tomcat memory realm.
>
> I hope I'm clear in my story.
>
> Can anybody point me in the right direction.
>
> Werner
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>



-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org