Hi,
I use a JDBC Realm with FORM based authentication but haven't figured
out a way for users to log out. Is it just to call session.invalidate()
or is there any better way to do it?
Markus
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL
Prior to the Servlet 2.3 spec, it was ambiguous as to when a client was no
longer logged in. The 2.3 servlet spec states that a client is logged out
when their session is invalidated. So if Tomcat works as advertised,
session.invalidate() should do what you expect.
Eric Everman
At 12:49 PM
Hi Eric,
Thank you for verifying that. I've actually made my own authentication
before but when I read about container-managed authentication I realised
that that was exactly what I was looking for.
Is there any reason for keeping the users login as a session attribute
or is it better to use
There are definitely some issues involved here.
If you are working on a company site that will restrict access of the site
to a list of people that is managed separately (ie the HR department or IT
department adds a person as a user who is allowed to access the site),
container managed