Prior to the Servlet 2.3 spec, it was ambiguous as to when a client was no longer logged in. The 2.3 servlet spec states that a client is logged out when their session is invalidated. So if Tomcat works as advertised, session.invalidate() should do what you expect.
Eric Everman At 12:49 PM 6/7/2002, you wrote: >Hi, >I use a JDBC Realm with FORM based authentication but haven't figured out >a way for users to log out. Is it just to call session.invalidate() or is >there any better way to do it? > > >Markus > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
