Hi!
I have understood that logging out the current user should be done by calling session.invalidate() .. however, this does not seem to work: the session is emptied, but for instance request.getRemoteUser() will still return the same user as before invalidation.. Is this a Tomcat bug or have I misunderstood something here? I'm using Tomcat 4.0.1 and HTTP basic authenticationg without SSL. Thanks in advance. -juha- -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
