There seem to be some unexpected differences between BASIC authentication
and FORM-based authentication (as specified by the <auth-method> tag in
web.xml).
Firstly, the realm of authentication can be specified using the
<realm-name> tag for BASIC authentication, but there seems to be no
equivalent for FORM-based. Can the realm be specified for FORM-based
authentication?
Secondly, when using FORM-based authentication it is possible to "log off"
by executing the statement session.invalidate(). With BASIC authentication
this does not seem to work. Why is this, and how should log-off be performed?
Thanks,
Nick