Ok... this is what I have:
if (! theRequest.isRequestedSessionIdValid() ) {
try {
theResponse.sendError(theResponse.SC_UNAUTHORIZED);
return;
} catch (IOException e) {
return;
}
}
and to finish the session, this is what I'm doing:
theSession.invalidate();
it's not working... aparently isRequestedSessionIdValid() only returns
false if there's no session Id (or it's a bad id). If I invalidate it,
tomcat will create a new one and becouse it has a valid Id, it won't
show the error... :-(
How can I check if a session has been invalidated?
Mike
On Wednesday, May 9, 2001, at 04:32 PM, Dion Almaer wrote:
> Exactly. Expiring the session will have nothing to do with BASIC HTTP
> authentication. The browser is still
> sending the HTTP header with the user/pass to login to that part of the
> site.
> When you expire the session, you can try a hack, and send back the HTTP
> header that says "Sorry, your login
> was incorrect", forcing them to login again.
>
> Dion
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
