On Wed, 9 May 2001, Funkaster wrote:
> How can I expire a session? I tried session.setMaxInactiveInterval(0)
> and session.invalidate() but with no luck...
> The problem is that I have a servlet that uses simple http
> authentication, and I want the user to logout, but I just can't figure
> out how to do this... Is it a valid procedure to just delete the
> JSESSIONID cookie?
Authentication and sessions are different thing --
session.invalidate() is how you expire a session, but that has nothing
to do with authentication. I'm not sure how you handle invalidating
someone's authentication when you use simple http authentication. And
perhaps it might not even be possible, the authentication may be good
as long as the browser is still running. But I'm sure someone here
has more info on it (I'm sure this question has been asked before, I
just don't recall the exact answer -- for that matter, you might check
the list archives -- URL in the footer of each message to the list).
Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
