I am doing form based login using JDBCRealm and for logging out
I call request.getSession().invalidate().
The problem is that after invalidation (duering the very same
request) I can still use request.getRemoteUser() and it returns
user name just like before calling session.invalidate().
What would be the proper way of asking if the user is logged
in or not? I cannot set any session attributes duering login
process since I am using tomcat's built in JDBCRealm
authentication.
Oh and I am using latest nightly build of Tomcat 4.0.
Thank you so much for your time
with best wishes,
Taavi
