Thanks Keith,
I figured out what I did wrong. It turns out that my logout servlet was
running in a separate Web application that is not part of the SSO
Realm. Of course, session.invalidate() does nothing to the SSO
session! Thanks a lot for your help!
Thanks a lot,
--
Rick
Keith Bottner
request.getSession().invalidate();
You may also want to invalidate any cookies you have set, but that is
specific to your needs.
Cookie cookies[] = request.getCookies();
Cookie cookie = null;
for (int i = 0; i cookies.length; i++)
{
cookie = cookies[i];
cookie.setMaxAge(0);