Right, SSO is all proprietary to vendors. However, the stock session.invalidate with normal form authentication will cause a user to have to relogin.
-andy > From: Don Brady <[EMAIL PROTECTED]> > Reply-To: "Research Triangle Java User's Group mailing > list."<[EMAIL PROTECTED]> > Date: Sun, 11 Apr 2004 19:12:38 -0400 > To: "Research Triangle Java User's Group mailing list." <[EMAIL PROTECTED]> > Subject: Re: [Juglist] Re: HTTP authentication -- was too few warnings among > us about bad code > > At 06:29 PM 4/11/2004, you wrote: >> Um not an IBM extension. The servlet spec has session.invalidate() which >> works with form authentication but just dumps the session cache but not the >> authentication (which sits in the browser) > > > I'm talking about invalidating the authentication, not the servlet session. > WebSphere's authentication does not make any use of the servlet > session. They are separate things. > > > _______________________________________________ > Juglist mailing list > [EMAIL PROTECTED] > http://trijug.org/mailman/listinfo/juglist_trijug.org _______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
