Removing an authenticated session

[Johan Haleby <ha...@gmail.com>]

Hi!

I have a filter that passes the username and password entered in the basic
http authentication pop up dialog to a login.jsp which redirects to a
servlet that does the actuall authentication. Since my authentication takes
place somewhere else, I would like the basic http authentication pop up
window to be displayed again if the authentication fails. I.e. the servlet
to which I send the username and password redirects to the protected
login.jsp if the user has entered an incorrect username or password. But
since there's already an established authenticated session with tomcat
regardless of what the users has entered, this will result in an infinte
loop of reloads. So I need to somehow remove the authenticated session
before I redirect to the authentication servlet, either from the filter or
from the JSP. Does anyone know what I should do? I was thinking about
removing the session cookies programatically from a my login.jsp, but when I
tried removing them by hand in Firefox I still didn't see the pop up dialog.
But removing the "authenticated sessions" in Firefox helped, so I'm looking
for something like this.

Thanks,
Johan