On Tue, 2004-04-13 at 09:54, [EMAIL PROTECTED] wrote: > In our application the user has to log in. When he wants to log out in a > servlet I call session.invalidate() to kill the session and redirects to > the login page. The session is definitly not existing anymore, but the user > can't login until a timeout. > > When I disable cookies on the client, everything works fine. So it seems > that there is any information in the cookie that is not totally removed.
I presume you're using forms/session authentication. do you have any local session data which you can set to null? do you create a cookie yourself on the client, whose timeout you can set to 1 second and thus force it to expire? if you're using opera, there's bugs in its cookie handling, especially when you set the privacy to a high level. Paul --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
