> Why bother? > > " > As soon as the user logs out of one web application (for example, by > invalidating the corresponding session if form based login is used), the > user's sessions in all web applications will be invalidated. Any > subsequent attempt to access a protected resource in any application > will require the user to authenticate himself or herself again. > "
Right. But the application requires than an administrator can expulse an user. It's a client requirement. So, I need to record all "SSO sessions" FYI, I made it using by JSESSIONIDSSO cookie and works fine Thanks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org