Hi,
This is my experience in WebSphere(Container Managed Security)
WebSphere stores Authenticated credentials in a Cookie (a LTPA Cookie)
The other App Servers might implement things differently.
So as long as this cookie is valid then the user would not be challenged
again.
So this has got
Hi,
I am using the invalidate() method to force logout of the logged client
but even after a call to this method, clients can navigate to a secured
content without beeing prompt for their password.
Do you know what the problem is and/or how to solve it ?
thanks,
ionel
for J2EE
Moderador SouJava - www.soujava.org.br
- Original Message -
From: Ionel Gardais [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 11:47 AM
Subject: request.getSession().invalidate() problem
Hi,
I am using the invalidate() method
Ionel Gardais wrote:
Hi,
I am using the invalidate() method to force logout of the logged client
but even after a call to this method, clients can navigate to a secured
content without beeing prompt for their password.
Do you know what the problem is and/or how to solve it ?
This only works
4 matches
Mail list logo
