Hi, I am using Tomcat managed security where I am using JAASRealm.
I have implemented a LoginModule ... using which I can login easily. But how to logout ... doing session.invalidate() was what I thought would do the trick. It did ... BUT ... after having logged out it is impossible to login the way I want to login. Actually, I set up some attributes in the session after a successfull login. Everything goes fine upto authentication. But the moment I try to setup the attributes in the session I get a LoginException because I try to add attributes into a "session already invalidated" What is the way to logout ? How can I tell Tomcat to perform the logout procedure from the LoginModule I implemented rather than doing a "session.invalidate()" ??? Thanks & regards, -- Gagan
