markt-asf commented on PR #924:
URL: https://github.com/apache/tomcat/pull/924#issuecomment-3574252310
Changing the authentication type is not an option. It will break too many
automated tools that use the text based interface.
I also do see any uses of `request.getAuthType()`.
This is starting to feel like interacting with AI. ("You were absolutely
right on all points.", references to sending a 401 that don't exist, references
to `request.getAuthType()` that don't exist).
My sense remains that using `HttpServletRequest.logout()` is the right way
to go but the real work (that has yet to be done) is in investigating how
feasible it is for each of the `Authenticator` implementations in Tomcat to
implement a true logout.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
