-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Steven,
On 2/13/13 3:01 PM, Adamus, Steven J. wrote: > Nothing is going on. When the smartcard is removed, nothing goes > across the wire, so how could Tomcat possibly invalidate the > session? !!? OP reports that a new SmartCard is being inserted and either the old session persists (and the new user is allowed to masquerade as the old user) or the new user is not authenticated but still allowed to access their own resources. Sounds like the former, but it's worth asking. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEb988ACgkQ9CaO5/Lv0PCFsgCcDlhlJhACoMh2RSIpXVBOzgtm MHwAn1JhRSiglldzKfScPjmvyBly8mYO =NZsb -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org