Exactly.  Expiring the session will have nothing to do with BASIC HTTP
authentication.  The browser is still sending the HTTP header with the
user/pass to log in to that part of the site.
When you expire the session, you can try a hack, and send back the HTTP
header that says "Sorry, your login was incorrect", forcing them to log
in again.

Dion

> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Milt
> Epstein
> Sent: Wednesday, May 09, 2001 2:22 PM
> To: [EMAIL PROTECTED]
> Subject: Re: expire a session
>
>
> On Wed, 9 May 2001, Funkaster wrote:
>
> > How can I expire a session? I tried session.setMaxInactiveInterval(0)
> > and session.invalidate() but with no luck...
> > The problem is that I have a servlet that uses simple http
> > authentication, and I want the user to logout, but I just can't figure
> > out how to do this... Is it a valid procedure to just delete the
> > JSESSIONID cookie?
>
> Authentication and sessions are different things --
> session.invalidate() is how you expire a session, but that has nothing
> to do with authentication.  I'm not sure how you handle invalidating
> someone's authentication when you use simple http authentication.  And
> perhaps it might not even be possible, the authentication may be good
> as long as the browser is still running.  But I'm sure someone here
> has more info on it (I'm sure this question has been asked before, I
> just don't recall the exact answer -- for that matter, you might check
> the list archives -- URL in the footer of each message to the list).
>
> Milt Epstein
> Research Programmer
> Software/Systems Development Group
> Computing and Communications Services Office (CCSO)
> University of Illinois at Urbana-Champaign (UIUC)
> [EMAIL PROTECTED]
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
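
The hack described in the reply above, sketched as an added example that is not part of the original thread: a logout servlet that invalidates the session and then answers with a 401 challenge so the browser stops reusing its cached Basic credentials. The class name `BasicLogoutServlet`, the realm string and the `javax.servlet` package are assumptions; the realm must match whatever the protected area is actually configured with.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet (added example); map it to a URL inside the
// area protected by HTTP Basic authentication.
public class BasicLogoutServlet extends HttpServlet {

    // Assumption: constructed realm name. It has to equal the realm the
    // protected area advertises, otherwise the browser treats the challenge
    // as a different protection space and keeps its cached credentials.
    private static final String REALM = "Protected Area";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Step 1: expire server-side state. getSession(false) avoids
        // creating a fresh session just to throw it away.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Step 2: the session is gone, but the browser will keep sending the
        // Authorization header on its own. Answering 401 with the same realm
        // tells it those credentials were rejected, so it prompts again
        // instead of silently re-authenticating.
        resp.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        // Keep intermediaries and the browser from caching this response.
        resp.setHeader("Cache-Control", "no-store");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.setContentType("text/plain");
        // Shown when the user cancels the login prompt.
        resp.getWriter().println("You have been logged out.");
    }
}
```

Nothing on the server revokes the credentials themselves: a user who re-enters the same user/pass at the prompt is authenticated again, and a new session is created on the next request to a page that uses one.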
