Nigel, To logout, just invalidate the session. Every request the user is logged in and logged out, that is why they cache the credentials.
request.getSession().invalidate(); If you invalidate your session, the security associations will get disconnected from the client and then they will be "logged out". Hope that makes sense. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913561#3913561 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3913561 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
