Now that makes perfect sense. >-----Original Message----- >From: Michael [mailto:[EMAIL PROTECTED]] >Sent: 23 September 2002 13:50 >To: 'Struts Users Mailing List' >Subject: RE: How can I make my logout page not secure? > > >Ok, let's make it really simple for those who skipped their breakfast: > >A user logs in, uses the site, and then goes to lunch. Two >hours later (or 30 minutes if you're in the US) the user >returns and sees the website. He clicks on the logout link. >He gets a login page. He enters his user id and password, and >then sees the "You have logged out" page. > >I agree it is confusing. I feel that the user should never >get a login page when clicking on the logout link, and should >never get the logout page when logging in. Yet with container >managed security protecting *.do this is exactly what happens. > >Michael > >> -----Original Message----- >> From: Cliff Rowley [mailto:[EMAIL PROTECTED]] >> Sent: lundi 23 septembre 2002 14:42 >> To: 'Struts Users Mailing List' >> Subject: RE: How can I make my logout page not secure? >> >> >> Ok, I'm obviously missing a chunk of knowledge somewhere - >> but if you're already logged out, why do you want to log in - >> in order to log out and then log in again? Also, what is the >> impact of closing your browser and opening a new one? Do you >> get a new session? >> >> Sorry if I'm way out there with the fairies. >> >> >-----Original Message----- >> >From: Michael [mailto:[EMAIL PROTECTED]] >> >Sent: 23 September 2002 13:19 >> >To: 'Struts Users Mailing List' >> >Subject: RE: How can I make my logout page not secure? >> > >> > >> >I have the session serialization turned off and when I restart >> >tomcat, I have to log out and log back in. But to log out, >I have to >> >log in first. >> > >> >> Out of pure interest, why do you want logout unprotected? >> People who >> >> are logged out wont need to log out, will they? >> > >> > >> > >> >-- >> >To unsubscribe, e-mail: >> ><mailto:struts-user->[EMAIL PROTECTED]> >> >For >> >additional commands, >> >e-mail: <mailto:[EMAIL PROTECTED]> >> > >> > >> >> >> -- >> To unsubscribe, e-mail: >> <mailto:struts-user-> [EMAIL PROTECTED]> >> For >> additional commands, >> e-mail: <mailto:[EMAIL PROTECTED]> >> > > >-- >To unsubscribe, e-mail: ><mailto:struts-user->[EMAIL PROTECTED]> >For >additional commands, >e-mail: <mailto:[EMAIL PROTECTED]> > >
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
