Got it! Set all of the cookies max age to 0, and then call invalidate() on the session. In addition have the Action's success forward with redirect set to true and walla totally leveraged SSO integrated into your application with little to no effort.
Keith -----Original Message----- From: Keith Bottner [mailto:[EMAIL PROTECTED] Sent: Friday, August 06, 2004 4:47 PM To: 'Tomcat Users List' Subject: RE: SingleSiteLogon working, now how do I log them out? That was how I did handle it when I rolled my own security model through a base action. But now that I am using Single Site Logon it sets a Principal on the HttpServletRequest and I do not know how to invalidate the Principal. In Tomcat you can actually retrieve the user name and password that was used to log the user in through SingleSignOn using (BASIC, FORM, etc.) by doing a import org.apache.catalina.realm.GenericPrincipal; GenericPrincipal p = (GenericPrincipal)request.getUserPrincipal(); if ( p != null ) { String username = p.getName(); String password = p.getPassword(); } But this principal is now ATTACHED to the session and I can't seem to find a way to invalidate it or remote it? It is stored deep down in the bowels for Tomcat in something called their "notes" in CoyoteRequest which ends up being wrapped by CoyoteRequestFacade which does not allow access. Anyone else... Keith -----Original Message----- From: Isen,Ciji [mailto:[EMAIL PROTECTED] Sent: Friday, August 06, 2004 4:39 PM To: Tomcat Users List Subject: Re: SingleSiteLogon working, now how do I log them out? Hi, Well I suppose you are storing something in the session to store validation flag or you might be persisting a struts form object. Either way you can just remove that object or just invalidate the session. session.removeValue("value") or session.invalidate() Thats my take on your question.:-) Gig 'em Ciji Isen Keith Bottner wrote: >I have Single site logon working great with my application, however, I >am having a hard time trying to figure out how to log the user out when >they select log out. > >Anyone......please.... > >Keith > >Have you ever noticed that the word 'complaint' and 'compliant' are >spelled almost the same except the transposition of a single letter. I >wonder why that is? > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
